5 Security Token Service WLST Commands
The Security Token Service Commands section lists the Security Token Service WLST commands and contains links to the command reference details.
5.1 Security Token Service Commands
Use these WLST commands to manage Security Token Service.
The Security Token Service WLST commands are divided into the following categories:
- Partner Commands are related to tasks involving partners.
- WS-Prefix to Relying Party Partner Mapping Commands are used to map a service URL, specified in the AppliesTo field of a WS-Trust RST request, to a partner of type Relying Party. The WS prefix string can be an exact service URL, or a URL with a parent path to the service URL. For example, if a mapping is defined to map a WS Prefix (http://test.com/service) to a Relying Party (RelyingPartyPartnerTest), then the following service URLs would be mapped to the Relying Party: http://test.com/service, http://test.com/service/calculatorService, http://test.com/service/shop/cart, and so on.
- Partner Profiles Commands are related to tasks involving partner profiles.
- Issuance Templates Commands are related to tasks involving issuance templates.
- Validation Templates Commands are related to tasks involving validation templates.
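The WS prefix rule described in the list above, as an added example that is not Oracle's code. This page does not state how Security Token Service compares the strings, so the example assumes matching by whole path segments with the longest prefix winning, and contrasts that with a plain string-prefix test; the function names, BillingPartner and HostWidePartner are hypothetical.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def split_url(url):
    """Break a service URL into (scheme, host, port, path segments)."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("not an http(s) service URL: %r" % (url,))
    segments = [s for s in parts.path.split("/") if s]
    if "." in segments or ".." in segments:
        raise ValueError("dot segments are rejected: %r" % (url,))
    port = parts.port or DEFAULT_PORTS[scheme]
    return scheme, parts.hostname, port, segments


def resolve_relying_party(applies_to, mappings):
    """Return the partner ID of the longest matching WS prefix, or None.

    A prefix matches only if scheme, host and port are equal and its path
    segments are a leading run of the AppliesTo path segments (assumption).
    """
    scheme, host, port, segments = split_url(applies_to)
    best_len, best_partner = -1, None
    for prefix, partner_id in mappings.items():
        p_scheme, p_host, p_port, p_segments = split_url(prefix)
        if (p_scheme, p_host, p_port) != (scheme, host, port):
            continue
        if segments[:len(p_segments)] != p_segments:
            continue
        if len(p_segments) > best_len:
            best_len, best_partner = len(p_segments), partner_id
    return best_partner


def naive_resolve(applies_to, mappings):
    """Plain string-prefix comparison, shown only for contrast."""
    hits = [p for p in mappings if applies_to.startswith(p)]
    return mappings[max(hits, key=len)] if hits else None


# First entry is the mapping from the page; the second is hypothetical.
MAPPINGS = {
    "http://test.com/service": "RelyingPartyPartnerTest",
    "http://test.com/service/billing": "BillingPartner",
}

# A prefix without a path (the path is optional); hypothetical partner ID.
HOST_ONLY = {"http://test.com": "HostWidePartner"}

# Constructed AppliesTo values.
SAMPLE_URLS = [
    "http://test.com/service",
    "http://test.com/service/calculatorService",
    "http://test.com/service/shop/cart",
    "http://test.com/service/billing/invoice",
    "HTTP://TEST.COM:80/service/",
    "http://test.com/serviceDesk",   # sibling path, not a child of /service
]


def compare_all():
    """Return (url, segment-aware result, naive result) for each sample."""
    return [(u, resolve_relying_party(u, MAPPINGS), naive_resolve(u, MAPPINGS))
            for u in SAMPLE_URLS]


if __name__ == "__main__":
    for url, strict, naive in compare_all():
        print("%-45s strict=%-24s naive=%s" % (url, strict, naive))
```

When reviewing output from getAllWSPrefixAndPartnerMappings(), short or host-only prefixes deserve the closest look, because they route the widest set of AppliesTo values to one Relying Party partner.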
Table 5-1 WLST Commands for Security Token Service
Use this command... | To... | Use with WLST... |
---|---|---|
Partner Commands |
||
Retrieve a partner and print result. |
Online |
|
Retrieve the names of Requester partners. |
Online |
|
Retrieve the names of all Relying Party partners. |
Online |
|
Retrieve the names of all Issuing Authority partners. |
Online |
|
Query Security Token Service to determine whether or not the partner exists in the Partner store. |
Online |
|
Create a new Partner entry. |
Online |
|
Update an existing Partner entry based on the provided information. |
Online |
|
Delete a partner entry. |
Online |
|
Retrieve the partner's username value. |
Online |
|
Retrieve the partner's password value. |
Online |
|
Set the username and password values of a partner entry. |
Online |
|
Remove the username and password values from a partner entry. |
Online |
|
Retrieve the Base64 encoded signing certificate for the partner. |
Online |
|
Retrieve the Base64 encoded encryption certificate for the partner. |
Online |
|
Upload the signing certificate to the partner entry. |
Online |
|
Upload the encryption certificate to the partner entry. |
Online |
|
Remove the signing certificate from the partner entry. |
Online Offline |
|
Remove the encryption certificate from the partner entry. |
Online Offline |
|
Retrieve and display all Identity mapping attributes used to map a token to a requester partner. |
Online Offline |
|
Retrieve and display the identity mapping attribute. |
Online Offline |
|
Set the identity mapping attribute for a requester partner. |
Online Offline |
|
Delete the identity mapping attribute for a requester partner. |
Online Offline |
|
Relying Party Partner Mapping Commands |
||
Retrieve and display all WS Prefixes. |
Online Offline |
|
Retrieve and display the Relying Party Partner mapped to the specified wsprefix parameter. |
Online Offline |
|
Create a new WS Prefix mapping to a Relying Partner. |
Online Offline |
|
Delete an existing WS Prefix mapping to a Relying Partner. |
Online Offline |
|
Partner Profiles Commands |
||
Retrieve the names of all the existing partner profiles. |
Online |
|
Retrieve partner profile configuration data. |
Online |
|
Create a new Requester Partner profile with default configuration data. |
Online |
|
Create a new Relying Party Partner profile with default configuration data. |
Online |
|
Create a new Issuing Authority Partner profile with default configuration data. |
Online |
|
Delete an existing partner profile. |
Online |
|
Issuance Template Commands |
||
Retrieve the names of all the existing Issuance Templates. |
Online Offline |
|
Retrieve configuration data of a specific Issuance Template. |
Online |
|
Create a new Issuance Template with default configuration data. |
Online |
|
Delete an existing Issuance Template. |
Online Offline |
|
Validation Template Commands |
||
Retrieve the names of all the existing Validation Templates. |
Online Offline |
|
Retrieve configuration data of a specific Validation Template. |
Online Offline |
|
Create a new WS Security Validation Template with default configuration data. |
Online Offline |
|
Create a new WS Trust Validation Template with default configuration data. |
Online Offline |
|
Delete an existing Issuance Template. |
Online Offline |
|
Modify configuration to allow MSAS/OWSM policies to work. |
Online |
5.1.1 getPartner
The getPartner command is an online command that retrieves the Partner entry and prints out the configuration for this partner. This command belongs to Partner commands category.
Description
Retrieves the Partner entry and prints out the configuration for this partner.
Syntax
getPartner(partnerId)
Argument | Definition |
---|---|
partnerId |
Specifies the partnerId: the ID of the partner. |
Example
The following invocation retrieves the Partner entry and prints out the configuration for customPartner:
getPartner(partnerId="customPartner")
5.1.2 getAllRequesterPartners
The getAllRequesterPartners command is an online command that retrieves Requester type partners. This command belongs to Partner commands category.
Description
Retrieves Requester type partners.
Syntax
getAllRequesterPartners()
Example
The following invocation retrieves Requester type partners:
getAllRequesterPartners()
5.1.3 getAllRelyingPartyPartners
The getAllRelyingPartyPartners command is an online command that retrieves Relying Party partners. This command belongs to Partner commands category.
Description
Retrieves the Relying Party partners.
Syntax
getAllRelyingPartyPartners()
Example
The following invocation retrieves Relying Party partners:
getAllRelyingPartyPartners()
5.1.4 getAllIssuingAuthorityPartners
The getAllIssuingAuthorityPartners command is an online command that retrieves Issuing Authority partners and prints out the result. This command belongs to Partner command category.
Description
Retrieves the Issuing Authority partners and prints out the result.
Syntax
getAllIssuingAuthorityPartners()
Example
The following invocation retrieves Issuing Authority partners and prints out the result:
getAllIssuingAuthorityPartners()
5.1.5 isPartnerPresent
The isPartnerPresent command is an online command that queries the Security Token Service to determine whether or not the specified partner exists in the Partner store. This command belongs to Partner command category.
Description
Queries the Security Token Service to determine whether or not the specified partner exists in the Partner store, and prints out the result.
Syntax
isPartnerPresent(partnerId)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the partner. |
Example
The following invocation queries the Security Token Service to determine whether or not customPartner exists in the Partner store, and prints out the result:
isPartnerPresent(partnerId="customPartner")
5.1.6 createPartner
The createPartner command is an online command that creates a new Partner entry. This command belongs to Partner command category.
Description
Creates a new Partner entry based on provided information. Displays a message indicating the result of the operation.
Syntax
createPartner(partnerId, partnerType, partnerProfileId, description, bIsTrusted)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the new partner to be created. |
partnerType |
Specifies the type of partner. Values can be one of the following:
|
partnerProfileId |
Specifies the profile ID to be attached to this partner. It must reference an existing partner profile, and the type of the partner profile must be compliant with the type of the new partner entry. |
description |
Specifies the optional description of this new partner entry. |
bIsTrusted |
A value that indicates whether or not this new partner is trusted. Value can be either:
|
Example
The following invocation creates the STS_REQUESTER partner customPartner, attached to the profile custom-partnerprofile, with a description (custom requester) and a trust value of true, and displays a message indicating the result of the operation:
createPartner(partnerId="customPartner", partnerType="STS_REQUESTER", partnerProfileId="custom-partnerprofile", description="custom requester", bIsTrusted="true")
5.1.7 updatePartner
The updatePartner command is an online command that updates an existing Partner entry. This command belongs to Partner command category.
Description
Updates an existing Partner entry based on the provided information. Displays a message indicating the result of the operation.
Syntax
updatePartner(partnerId, partnerProfileId, description, bIsTrusted)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the new partner to be updated. |
partnerProfileId |
Specifies the partner profile ID. It must reference an existing partner profile, and the type of the partner profile must be compliant with the type of the new partner entry. |
description |
Specifies the optional description of this new partner entry. |
bIsTrusted |
A value that indicates whether or not this new partner is trusted. Value can be either:
|
Example
The following invocation updates customPartner with a new profile ID (x509-wss-validtemp), a description (custom requester with new profile id), and a trust value of false. A message indicates the result of the operation:
updatePartner(partnerId="customPartner", partnerProfileId="x509-wss-validtemp", description="custom requester with new profile id", bIsTrusted="false")
5.1.8 deletePartner
The deletePartner command is an online command that deletes a partner entry from the Security Token Service. This command belongs to Partner command category.
Description
Deletes an existing Partner entry referenced by the partnerId parameter from the Security Token Service, and prints out the result of the operation.
Syntax
deletePartner(partnerId)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the partner to be deleted. |
Example
The following invocation deletes the customPartner partner entry referenced by the partnerId parameter from the Security Token Service, and prints out the result of the operation:
deletePartner(partnerId="customPartner")
5.1.9 getPartnerUsernameTokenUsername
The getPartnerUsernameTokenUsername command is an online command that retrieves a partner's username value that will be used for UNT credentials partner validation or mapping operation. This command belongs to Partner command category.
Description
Retrieves a partner's username value that will be used for UNT credentials partner validation or mapping operation, and displays the value.
Syntax
getPartnerUsernameTokenUsername(partnerId)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the partner. |
Example
The following invocation retrieves the customPartner partner username value that will be used for UNT credentials partner validation or mapping operation, and displays the value:
getPartnerUsernameTokenUsername(partnerId="customPartner")
5.1.10 getPartnerUsernameTokenPassword
The getPartnerUsernameTokenPassword command is an online command that retrieves a partner's password value that will be used for UNT credentials partner validation or mapping operation. This command belongs to Partner command category.
Description
Retrieves a partner password value that will be used for UNT credentials partner validation or mapping operation, and displays the value.
Syntax
getPartnerUsernameTokenPassword(partnerId)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the partner. |
Example
The following invocation retrieves the customPartner partner password value that will be used for UNT credentials partner validation or mapping operation, and displays the value:
getPartnerUsernameTokenPassword(partnerId="customPartner")
5.1.11 setPartnerUsernameTokenCredential
The setPartnerUsernameTokenCredential command is an online command that sets the username and password values of a partner entry, that will be used for UNT credentials partner validation or mapping operation. This command belongs to Partner command category.
Description
Sets the username and password values of a partner entry, that will be used for UNT credentials partner validation or mapping operation. Displays the result of the operation.
Syntax
setPartnerUsernameTokenCredential(partnerId, UTUsername, UTPassword)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the partner. |
UTUsername |
Specifies the username value used for UNT credentials validation or mapping operations. |
UTPassword |
Specifies the password value used for UNT credentials validation or mapping operations. |
Example
The following invocation sets the username and password values of the customPartner partner entry, and displays the result of the operation:
setPartnerUsernameTokenCredential(partnerId="customPartner", UTUsername="test", UTPassword="password")
5.1.12 deletePartnerUsernameTokenCredential
The deletePartnerUsernameTokenCredential command is an online command that removes the username and password values from a partner entry that are used for UNT credentials partner validation or mapping operation, and displays the result of the operation. This command belongs to Partner command category.
Description
Removes the username and password values from a partner entry that are used for UNT credentials partner validation or mapping operation, and displays the result of the operation.
Syntax
deletePartnerUsernameTokenCredential(partnerId)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the partner whose username and password values are to be removed. |
Example
The following invocation removes the username and password values from a partner entry that are used for UNT credentials partner validation or mapping operation, and displays the result of the operation:
deletePartnerUsernameTokenCredential(partnerId="customPartner")
5.1.13 getPartnerSigningCert
The getPartnerSigningCert command is an online command that retrieves the Base64 encoded signing certificate for the partner referenced by the partnerId parameter, and displays its value, as a Base64 encoded string. This command belongs to Partner command category.
Description
Retrieves the Base64 encoded signing certificate for the partner referenced by the partnerId parameter, and displays its value, as a Base64 encoded string.
Syntax
getPartnerSigningCert(partnerId)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the partner. |
Example
The following invocation retrieves Base64 encoded signing certificate for the partner referenced by the partnerId parameter, and displays its value, as a Base64 encoded string:
getPartnerSigningCert(partnerId="customPartner")
5.1.14 getPartnerEncryptionCert
The getPartnerEncryptionCert command is an online command that retrieves the Base64 encoded encryption certificate, and displays its value as a Base64 encoded string. This command belongs to Partner command category.
Description
Retrieves the Base64 encoded encryption certificate for the partner referenced by the partnerId parameter, and displays its value as a Base64 encoded string.
Syntax
getPartnerEncryptionCert(partnerId)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the partner. |
Example
The following invocation retrieves the Base64 encoded encryption certificate for the partner referenced by the partnerId parameter, and displays its value, as a Base64 encoded string:
getPartnerEncryptionCert(partnerId="customPartner")
5.1.15 setPartnerSigningCert
The setPartnerSigningCert command is an online command that uploads the provided certificate to the partner entry as the signing certificate, and displays the result of the operation. This command belongs to Partner command category.
Description
Uploads the provided certificate to the partner entry (referenced by the partnerId parameter) as the signing certificate. The supported formats of the certificate are DER and PEM. Displays the result of the operation.
Syntax
setPartnerSigningCert(partnerId, certFile)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the partner. |
certFile |
Specifies the location of the certificate on the local file system. Supported formats of the certificate are DER and PEM. |
Example
The following invocation uploads the provided certificate to the partner entry customPartner as the signing certificate. Displays the result of the operation:
setPartnerSigningCert(partnerId="customPartner", certFile="/temp/signing_cert")
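A check that the certificate stored for a partner is the one in the local file, as an added example that is not part of the Oracle documentation. It normalizes the three forms this page mentions (a PEM or DER certFile, and the Base64 string displayed by getPartnerSigningCert, assumed here to be the Base64 of the DER encoding) and compares SHA-256 fingerprints; the function names are hypothetical and the sample bytes are a constructed placeholder, not a real certificate.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def check_der_sequence(der):
    """Reject input that is not exactly one DER SEQUENCE (a certificate's outer shape)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                       # short-form length
        header, length = 2, der[1]
    else:                                   # long-form length
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("malformed DER length")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("truncated input or trailing bytes")


def to_der(data):
    """Normalize raw DER, PEM, or a bare Base64 string to DER bytes."""
    if isinstance(data, str):
        data = data.encode("ascii")
    if data[:1] == b"\x30":                 # raw DER starts with the SEQUENCE tag
        der = data
    else:
        pem = PEM_BLOCK.search(data.decode("latin-1"))
        if pem:
            body = "".join(pem.group(1).split())
        else:                               # bare Base64, as displayed by WLST
            body = "".join(data.decode("ascii").split())
        der = base64.b64decode(body, validate=True)
    check_der_sequence(der)
    return der


def sha256_fingerprint(data):
    """Hex SHA-256 of the DER encoding, independent of the input form."""
    return hashlib.sha256(to_der(data)).hexdigest()


def stored_cert_matches(local_cert, displayed_base64):
    """True if the displayed Base64 value encodes the same bytes as the local file."""
    return sha256_fingerprint(local_cert) == sha256_fingerprint(displayed_base64)


# Constructed placeholder: a 7-byte DER SEQUENCE, not a real X.509 certificate.
SAMPLE_DER = bytes.fromhex("30050203010001")
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + SAMPLE_B64 +
              "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(sha256_fingerprint(SAMPLE_PEM))
    print(stored_cert_matches(SAMPLE_PEM, SAMPLE_B64))
```

The same comparison applies to setPartnerEncryptionCert and getPartnerEncryptionCert.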
5.1.16 setPartnerEncryptionCert
The setPartnerEncryptionCert command is an online command that uploads the provided certificate to the partner entry as the encryption certificate, and displays the result of the operation. This command belongs to Partner command category.
Description
Uploads the provided certificate to the partner entry (referenced by the partnerId parameter) as the encryption certificate. Displays the result of the operation.
Syntax
setPartnerEncryptionCert(partnerId, certFile)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the partner. |
certFile |
Specifies the location of the certificate on the local filesystem. Supported formats of the certificate are DER and PEM. |
Example
The following invocation uploads the provided certificate to the partner entry customPartner as the encryption certificate. Displays the result of the operation:
setPartnerEncryptionCert(partnerId="customPartner", certFile="/temp/encryption_cert")
5.1.17 deletePartnerSigningCert
The deletePartnerSigningCert command is an online command that removes the signing certificate from the partner entry and displays the result of the operation. This command belongs to Partner command category.
Description
Removes the signing certificate from the partner entry, referenced by the partnerId parameter, and displays the result of the operation.
Syntax
deletePartnerSigningCert(partnerId)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the partner. |
Example
The following invocation removes the signing certificate from the partner entry, customPartner, and displays the result of the operation:
deletePartnerSigningCert(partnerId="customPartner")
5.1.18 deletePartnerEncryptionCert
The deletePartnerEncryptionCert command is an online command that removes the encryption certificate from the partner entry and displays the result of the operation. This command belongs to Partner command category.
Description
Removes the encryption certificate from the partner entry, referenced by the partnerId parameter, and displays the result of the operation.
Syntax
deletePartnerEncryptionCert(partnerId)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the partner. |
Example
The following invocation removes the encryption certificate from the partner entry, customPartner, and displays the result of the operation:
deletePartnerEncryptionCert(partnerId="customPartner")
5.1.19 getPartnerAllIdentityAttributes
The getPartnerAllIdentityAttributes command is an online command that retrieves and displays all the identity mapping attributes used to map a token to a requester partner, or to map binding data (SSL Client certificate or HTTP Basic Username) to a requester partner. This command belongs to Partner command category.
Description
Retrieves and displays all the identity mapping attributes used to map a token to a requester partner, or to map binding data (SSL Client certificate or HTTP Basic Username) to a requester partner.
The identity mapping attributes only exist for partners of type Requester.
Syntax
getPartnerAllIdentityAttributes(partnerId)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the Requester partner. Identity mapping attributes only exist for partners of type Requester |
Example
The following invocation retrieves and displays all the identity mapping attributes used to map a token, or to map binding data (SSL Client certificate or HTTP Basic Username), to the Requester partner customPartner:
getPartnerAllIdentityAttributes(partnerId="customPartner")
5.1.20 getPartnerIdentityAttribute
The getPartnerIdentityAttribute command is an online command that retrieves and displays identity mapping attributes used to map a token or to map binding data to a requester partner. This command belongs to Partner command category.
Description
Retrieves and displays an identity mapping attribute used to map a token to a requester partner, or to map binding data (SSL Client certificate or HTTP Basic Username) to a requester partner.
The identity mapping attributes only exist for partners of type Requester.
Syntax
getPartnerIdentityAttribute(partnerId, identityAttributeName)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the Requester partner. |
identityAttributeName |
Specifies the name of the identity mapping attribute to retrieve and display. For example: |
Example
The following invocation retrieves and displays one identityAttribute and its value as specified by identityAttributeName:
getPartnerIdentityAttribute(partnerId="customPartner", identityAttributeName="httpbasicusername")
5.1.21 setPartnerIdentityAttribute
The setPartnerIdentityAttribute command is an online command that sets the identity mapping attribute for the Requester partner. This command belongs to Partner command category.
Description
Sets the identity mapping attribute specified by identityAttributeName for the partner of type Requester specified by the partnerId parameter. These identity mapping attributes only exist for Requester partners. Displays the result of the operation.
Syntax
setPartnerIdentityAttribute(partnerId, identityAttributeName, identityAttributeValue)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the partner of type Requester. |
identityAttributeName |
Specifies the name of the identity mapping attribute to set. |
identityAttributeValue |
Specifies the value of the identity mapping attribute to set. |
Example
The following invocation sets the identity mapping attribute specified by identityAttributeName for the Requester partner specified by the partnerId parameter. Displays the result of the operation.
setPartnerIdentityAttribute(partnerId="customPartner", identityAttributeName="httpbasicusername", identityAttributeValue="test")
5.1.22 deletePartnerIdentityAttribute
The deletePartnerIdentityAttribute command is an online command that deletes the identity mapping attribute. This command belongs to Partner command category.
Description
Deletes the identity mapping attribute specified by identityAttributeName.
The identity mapping attributes are used to map a token to a requester partner, or to map binding data (SSL Client certificate or HTTP Basic Username) to a requester partner, and they only exist for Requester partners.
Syntax
deletePartnerIdentityAttribute(partnerId, identityAttributeName)
Argument | Definition |
---|---|
partnerId |
Specifies the ID of the partner. |
identityAttributeName |
Specifies the name of the identity mapping attribute to delete. |
Example
The following invocation deletes the identity mapping attribute specified by identityAttributeName for Requester partner customPartner.
deletePartnerIdentityAttribute(partnerId="customPartner", identityAttributeName="httpbasicusername")
5.1.23 getAllWSPrefixAndPartnerMappings
The getAllWSPrefixAndPartnerMappings command is an online command that retrieves and displays all WS Prefixes to Relying Party Partner mappings. This command belongs to Relying Party Partner Mapping Commands category.
Description
Retrieves and displays all WS Prefixes to Relying Party Partner mappings.
Syntax
getAllWSPrefixAndPartnerMappings()
Example
The following invocation retrieves and displays the WS Prefixes.
getAllWSPrefixAndPartnerMappings()
5.1.24 getWSPrefixAndPartnerMapping
The getWSPrefixAndPartnerMapping command is an online command that retrieves and displays the Relying Party Partner mapped to the specified wsprefix parameter, if a mapping for that WS Prefix exists. This command belongs to Relying Party Partner Mapping Commands category.
Description
Retrieves and displays the Relying Party Partner mapped to the specified wsprefix parameter, if a mapping for that WS Prefix exists.
Syntax
getWSPrefixAndPartnerMapping(wsprefix)
Argument | Definition |
---|---|
wsprefix |
Specifies the WS Prefix entry to retrieve and display. The path is optional. If specified, it should take the following form: http_protocol://hostname_ip/path |
Example
The following invocation retrieves and displays the Relying Party Partner mapped to the specified wsprefix parameter, if a mapping for that WS Prefix exists.
getWSPrefixAndPartnerMapping(wsprefix="http://host1.example.com/path")
5.1.25 createWSPrefixAndPartnerMapping
The createWSPrefixAndPartnerMapping command is an online command that creates a new WS Prefix mapping to a Relying Party Partner. This command belongs to Relying Party Partner Mapping Commands category.
Description
Creates a new WS Prefix mapping to a Relying Party Partner referenced by the partnerid parameter, and displays the result of the operation.
Syntax
createWSPrefixAndPartnerMapping(wsprefix, partnerid, description)
Argument | Definition |
---|---|
wsprefix |
Specifies the WS Prefix entry to create. The path is optional. If specified, it should take the following form: http_protocol://hostname_ip/path |
partnerid |
Specifies the ID of the partner. |
description |
Specifies an optional description. |
Example
The following invocation creates a new WS Prefix mapping to a Relying Party Partner referenced by the partnerid parameter, and displays the result of the operation.
createWSPrefixAndPartnerMapping(wsprefix="http://host1.example.com/path", partnerid="customRPpartner", description="some description")
5.1.26 deleteWSPrefixAndPartnerMapping
The deleteWSPrefixAndPartnerMapping command is an online command that deletes an existing mapping of WS Prefix to a Relying Party Partner. This command belongs to Relying Party Partner Mapping Commands category.
Description
Deletes an existing mapping of WS Prefix to a Relying Party Partner, and displays the result of the operation.
Syntax
deleteWSPrefixAndPartnerMapping(wsprefix)
Argument | Definition |
---|---|
wsprefix |
Specifies the WS Prefix entry to delete. The path is optional. If specified, it should take the following form: http_protocol://hostname_ip/path |
Example
The following invocation deletes the existing mapping of WS Prefix to a Relying Party Partner, and displays the result of the operation.
deleteWSPrefixAndPartnerMapping(wsprefix="http://host1.example.com/path")
5.1.27 getAllPartnerProfiles
The getAllPartnerProfiles command is an online command that retrieves the names of all the existing partner profiles and displays them. This command belongs to Partner Profiles Commands category.
Description
Retrieves the names of all the existing partner profiles and displays them.
Syntax
getAllPartnerProfiles()
Example
The following invocation retrieves the names of all the existing partner profiles and displays them.
getAllPartnerProfiles()
5.1.28 getPartnerProfile
The getPartnerProfile command is an online command that retrieves the configuration data of a specific partner profile, and displays the content of the profile. This command belongs to Partner Profiles Commands category.
Description
Retrieves the configuration data of the partner profile referenced by the partnerProfileId parameter, and displays the content of the profile.
Syntax
getPartnerProfile(partnerProfileId)
Argument | Definition |
---|---|
partnerProfileId |
Specifies the name of the partner profile. |
Example
The following invocation retrieves the configuration data of the partner profile referenced by the partnerProfileId parameter, and displays the content of the profile.
getPartnerProfile(partnerProfileId="custom-partnerprofile")
5.1.29 createRequesterPartnerProfile
The createRequesterPartnerProfile command is an online command that creates a new requester partner profile with default configuration data. This command belongs to Partner Profiles Commands category.
Description
Creates a new requester partner profile with default configuration data, and displays the result of the operation.
Table 5-2 describes the default configuration created with this command.
Table 5-2 Default Configuration: createRequesterPartnerProfile
Element | Description |
---|---|
Return Error for Missing Claims |
Default: false |
Allow Unmapped Claims |
Default: false |
Token Type Configuration |
The Token Type Configuration table includes the following entries. There are no mappings of token type to WS-Trust Validation Template:
Note: Token Type Configuration and token type to Validation Template mapping are both empty |
Attribute Name Mapping |
Default: The Attribute Name Mapping table is empty by default. |
Syntax
createRequesterPartnerProfile(partnerProfileId, defaultRelyingPartyPPID, description)
Argument | Definition |
---|---|
partnerProfileId |
Specifies the name of the partner profile. |
defaultRelyingPartyPPID |
Specifies the relying party partner profile to use, if the AppliesTo field is missing from the RST or if it could not be mapped to a Relying Party Partner. |
description |
Specifies the optional description for this partner profile |
Example
The following invocation creates a new requester partner profile with default configuration data, and displays the result of the operation. For default data descriptions, see Table 5-2.
createRequesterPartnerProfile(partnerProfileId="custom-partnerprofile", defaultRelyingPartyPPID="rpPartnerProfileTest", description="custom partner profile")
5.1.30 createRelyingPartyPartnerProfile
The createRelyingPartyPartnerProfile command is an online command that creates a new relying party partner profile with default configuration data. This command belongs to Partner Profiles Commands category.
Description
Creates a new relying party partner profile with default configuration data, and displays the result of the operation.
Table 5-3 describes the default configuration created with this command.
Table 5-3 Default Configuration: createRelyingPartyPartnerProfile
Element | Description |
---|---|
Download Policy |
Default: false |
Allow Unmapped Claims |
Default: false |
Token Type Configuration |
The Token Type Configuration will contain a single entry, with:
Note: For the token type of the issuance template referenced by defaultIssuanceTemplateID, it will be linked to the issuance template, while the other token types will not be linked to any issuance template. If the issuance template referenced by defaultIssuanceTemplateID is of custom token type, the table will only contain one entry, with the custom token type, mapped to the custom token type as the external URI, and mapped to the issuance template referenced by defaultIssuanceTemplateID |
Attribute Name Mapping |
The Attribute Name Mapping table is empty by default. |
Syntax
createRelyingPartyPartnerProfile(partnerProfileId, defaultIssuanceTemplateID, description)
Argument | Definition |
---|---|
partnerProfileId |
Specifies the name of the partner profile. |
defaultIssuanceTemplateID |
Specifies the default issuance template and token type to issue if no token type was specified in the RST. |
description |
Specifies the optional description for this partner profile |
Example
The following invocation creates a new relying party partner profile with default configuration data, and displays the result of the operation.
createRelyingPartyPartnerProfile(partnerProfileId="custom-partnerprofile", defaultIssuanceTemplateID="saml11-issuance-template", description="custom partner profile")
5.1.31 createIssuingAuthorityPartnerProfile
The createIssuingAuthorityPartnerProfile command is an online command that creates a new issuing authority partner profile with default configuration data. This command belongs to Partner Profiles Commands category.
Description
Creates a new issuing authority partner profile with the default configuration data in Table 5-4, and displays the result of the operation.
Table 5-4 Default Configuration: createIssuingAuthorityPartnerProfile
Element | Description |
---|---|
Server Clockdrift |
Default: 600 seconds |
Token Mapping |
The Token Mapping Section will be configured as follows:
Empty fields
|
Partner NameID Mapping |
The Partner NameID Mapping table will be provisioned with the following entries as NameID format. However, without any data in the datastore column the issuance template referenced by defaultIssuanceTemplateID is of token type SAML 1.1, SAML 2.0, or Username. The table will contain the following entries:
|
User NameID Mapping |
The User NameID Mapping table will be provisioned with the following entries as NameID format:
|
Attribute Mapping |
The Attribute Value Mapping and Attribute Name Mapping tables are empty by default. |
Syntax
createIssuingAuthorityPartnerProfile(partnerProfileId, description)
Argument | Definition |
---|---|
partnerProfileId | Specifies the name of the partner profile. |
description | Specifies the optional description for this partner profile. |
Example
The following invocation creates a new issuing authority partner profile with default configuration data, and displays the result of the operation.
createIssuingAuthorityPartnerProfile(partnerProfileId="custom-partnerprofile", description="custom partner profile")
5.1.32 deletePartnerProfile
The deletePartnerProfile command is an online command that deletes a partner profile referenced by the partnerProfileId parameter. This command belongs to Partner Profiles Commands category.
Description
Deletes a partner profile referenced by the partnerProfileId parameter, and displays the result of the operation. See Advanced Identity Federation Commands for information regarding SAML 1.1.
Syntax
deletePartnerProfile(partnerProfileId)
Argument | Definition |
---|---|
partnerProfileId | Specifies the name of the partner profile to be removed. |
Example
The following invocation deletes a partner profile referenced by the partnerProfileId parameter, and displays the result of the operation.
deletePartnerProfile(partnerProfileId="custom-partnerprofile")
5.1.33 getAllIssuanceTemplates
The getAllIssuanceTemplates command is an online command that retrieves the names of all the existing issuance templates. This command belongs to Issuance Template Commands category.
Description
Retrieves the names of all the existing issuance templates and displays them.
Syntax
getAllIssuanceTemplates()
Example
The following invocation retrieves the names of all the existing issuance templates and displays them.
getAllIssuanceTemplates()
5.1.34 getIssuanceTemplate
The getIssuanceTemplate command is an online command that retrieves the configuration data of a specific issuance template. This command belongs to Issuance Template Commands category.
Description
Retrieves the configuration data of the issuance template referenced by the issuanceTemplateId parameter, and displays the content of the template.
Syntax
getIssuanceTemplate(issuanceTemplateId)
Argument | Definition |
---|---|
issuanceTemplateId | Specifies the name of the issuance template. |
Example
The following invocation retrieves the configuration data of the issuance template referenced by the issuanceTemplateId parameter, and displays the content of the template.
getIssuanceTemplate(issuanceTemplateId="custom-issuancetemp")
5.1.35 createIssuanceTemplate
The createIssuanceTemplate command is an online command that creates a new issuance template with default configuration data. This command belongs to Issuance Template Commands category.
Description
Creates a new issuance template with default configuration data, and displays the result of the operation.
Table 5-5 describes the default configuration for this command.
Table 5-5 Default Configuration: createIssuanceTemplate
Token Type | Description |
---|---|
Username |
The issuance template will be created with the following default values:
|
SAML 1.1 or SAML 2.0 |
The issuance template will be created with the following default values:
Empty tables: Attribute Name Mapping, Attribute Value Mapping and Attribute Value Filter |
Custom Type |
The issuance template will be created with the following default values:
|
Syntax
createIssuanceTemplate(issuanceTemplateId, tokenType, signingKeyId, description)
Argument | Definition |
---|---|
issuanceTemplateId | Specifies the name of the issuance template to be created. |
tokenType | Possible values can be: |
signingKeyId | Specifies the keyID referencing the key entry (defined in the STS General Settings UI section) that will be used to sign outgoing SAML Assertions. Only required when token type is saml11 or saml20. |
description | An optional description. |
Example
The following invocation creates a new issuance template with default configuration data, and displays the result of the operation.
createIssuanceTemplate(issuanceTemplateId="custom-issuancetemp", tokenType="saml20", signingKeyId="osts_signing", description="custom issuance template")
5.1.36 deleteIssuanceTemplate
The deleteIssuanceTemplate command is an online command that deletes an issuance template referenced by the issuanceTemplateId parameter, and displays the result of the operation. This command belongs to Issuance Template Commands category.
Description
Deletes an issuance template referenced by the issuanceTemplateId parameter, and displays the result of the operation.
Syntax
deleteIssuanceTemplate(issuanceTemplateId)
Argument | Definition |
---|---|
issuanceTemplateId | Specifies the name of the existing issuance template to be removed. |
Example
The following invocation deletes an issuance template referenced by the issuanceTemplateId parameter, and displays the result of the operation.
deleteIssuanceTemplate(issuanceTemplateId="custom-issuancetemp")
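The issuance template and relying party partner profile commands above, combined in an added example that is not Oracle's code: it enforces the signingKeyId rule before any online call, creates the template before the profile that references it, and removes them in reverse order. The helper names are hypothetical; that the template must exist first, and that the STS commands are reachable through globals() in a WLST session, are assumptions.

```python
# Added example, not Oracle's code. Plain Python that also runs under WLST (Jython).
SAML_TOKEN_TYPES = ("saml11", "saml20")  # token type values named on this page

# create command -> (matching delete command, name of its identifier argument)
DELETE_FOR = {
    "createIssuanceTemplate": ("deleteIssuanceTemplate", "issuanceTemplateId"),
    "createRelyingPartyPartnerProfile": ("deletePartnerProfile", "partnerProfileId"),
}


def build_plan(template_id, token_type, profile_id, signing_key_id=None):
    """Validate arguments, then return ordered (command, kwargs) steps."""
    if token_type in SAML_TOKEN_TYPES and not signing_key_id:
        # Page: signingKeyId is required when the token type is saml11 or saml20.
        raise ValueError("signingKeyId is required for token type " + token_type)
    template = {"issuanceTemplateId": template_id, "tokenType": token_type,
                "description": "created by provisioning script"}
    if signing_key_id:
        template["signingKeyId"] = signing_key_id
    profile = {"partnerProfileId": profile_id,
               "defaultIssuanceTemplateID": template_id,
               "description": "created by provisioning script"}
    # Assumption: the template has to exist before a profile references it.
    return [("createIssuanceTemplate", template),
            ("createRelyingPartyPartnerProfile", profile)]


def teardown_plan(plan):
    """Reverse a plan: delete the profile first, then the template it uses."""
    steps = list(plan)
    steps.reverse()
    return [(DELETE_FOR[command][0],
             {DELETE_FOR[command][1]: kwargs[DELETE_FOR[command][1]]})
            for command, kwargs in steps]


def run(plan, commands):
    """Call each step in order; `commands` maps command names to callables.

    Assumption: in an online WLST session the STS commands are in globals(),
    so run(plan, globals()) invokes the real commands.
    """
    done = []
    for command, kwargs in plan:
        commands[command](**kwargs)
        done.append(command)
    return done
```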
5.1.37 getAllValidationTemplates
The getAllValidationTemplates command is an online command that retrieves the names of all the existing validation templates. This command belongs to Validation Template Commands category.
Description
Retrieves the names of all the existing validation templates and displays them.
Syntax
getAllValidationTemplates()
Example
The following invocation retrieves the names of all the existing validation templates and displays them.
getAllValidationTemplates()
5.1.38 getValidationTemplate
The getValidationTemplate command is an online command that retrieves the configuration data of a specific validation template, and displays the content of the template. This command belongs to Validation Template Commands category.
Description
Retrieves the configuration data of the validation template referenced by the validationTemplateId parameter, and displays the content of the template.
Syntax
getValidationTemplate(validationTemplateId)
Argument | Definition |
---|---|
validationTemplateId | Specifies the name of the existing validation template. |
Example
The following invocation retrieves the configuration data of a specific validation template, and displays the content of the template.
getValidationTemplate(validationTemplateId="custom-wss-validtemp")
5.1.39 createWSSValidationTemplate
The createWSSValidationTemplate command is an online command that creates a new validation template with default configuration data. This command belongs to Validation Template Commands category.
Description
Creates a new WSS validation template with default configuration data, and displays the result of the operation. The validation template is created using the values in Table 5-6, depending on the token type.
Table 5-6 Default Configuration: createWSSValidationTemplate
Token Type | Description |
---|---|
Username |
The validation template will be created with the following default values:
|
SAML 1.1 or SAML 2.0 |
The validation template will be created with the following default values:
The Token Mapping section will be created with the following default values:
Empty fields: User Token Attribute, User Datastore Attribute and Attribute Based User Mapping Also:
Partner NameID Mapping table will be provisioned with the following entries as NameID format, but without any data in the datastore column:
User NameID Mapping table will be provisioned with the following entries as NameID format:
|
X.509 |
The Token Mapping section will be created with the following default values:
Empty fields: User Token Attribute, User Datastore Attribute and Attribute Based User Mapping Also:
|
Kerberos |
The Token Mapping section will be created with the following default values:
Empty fields: Partner Token Attribute, Partner Datastore Attribute and Attribute Based User Mapping Also:
|
Syntax
createWSSValidationTemplate(templateId, tokenType, defaultRequesterPPID, description)
Argument | Definition |
---|---|
templateId | Specifies the name of the validation template to be created. |
tokenType | Specifies the token type of the validation template. Possible values can be: |
defaultRequesterPPID | Specifies the Requester partner profile to use if OSTS is configured not to map the incoming message to a requester. |
description | Specifies an optional description. |
Example
The following invocation creates a new validation template with default configuration data, and displays the result of the operation.
createWSSValidationTemplate(templateId="custom-wss-validtemp", tokenType="custom", defaultRequesterPPID="requesterPartnerProfileTest", description="custom validation template")
5.1.40 createWSTrustValidationTemplate
The createWSTrustValidationTemplate command is an online command that creates a new WS-Trust validation template with default configuration data. This command belongs to Validation Template Commands category.
Description
Creates a new WS-Trust validation template with default configuration data, and displays the result of the operation. The WS-Trust validation template is created with the values in Table 5-7, depending on the token type.
Table 5-7 Default Configuration: createWSTrustValidationTemplate
Token Type | Description |
---|---|
Username |
The WS-Trust validation template will be created with the following default values:
|
SAML 1.1 or SAML 2.0 |
The WS-Trust validation template will be created with the following default values:
The Token Mapping section will be created with the following default values:
Empty fields: User Datastore Attribute, Attribute Based User Mapping User NameID Mapping table will be provisioned with the following entries as NameID format:
|
X.509 |
The WS-Trust Token Mapping section will be created with the following default values:
|
Kerberos |
The WS-Trust Token Mapping section will be created with the following default values:
|
OAM |
The WS-Trust Token Mapping section will be created with the following default values:
|
custom |
The WS-Trust Token Mapping section will be created with the following default values:
|
Syntax
createWSTrustValidationTemplate(templateId, tokenType, description)
Argument | Definition |
---|---|
templateId | Specifies the name of the WS-Trust validation template to be created. |
tokenType | Specifies the token type of the WS-Trust validation template. Possible values can be: |
description | Specifies an optional description. |
Example
The following invocation creates a new WS-Trust validation template with default configuration data, and displays the result of the operation.
createWSTrustValidationTemplate(templateId="custom-wss-validtemp", tokenType="custom", description="custom validation template")
5.1.41 deleteValidationTemplate
The deleteValidationTemplate command is an online command that deletes a validation template. This command belongs to Validation Template Commands category.
Description
Deletes a validation template referenced by the validationTemplateId parameter, and displays the result of the operation.
Syntax
deleteValidationTemplate(validationTemplateId)
Argument | Definition |
---|---|
validationTemplateId | Specifies the name of the validation template to be removed. |
Example
The following invocation deletes a validation template referenced by the validationTemplateId parameter, and displays the result of the operation.
deleteValidationTemplate(validationTemplateId="custom-wss-validtemp")
5.1.42 configureOWSMAgentSTS
The configureOWSMAgentSTS command is an online command required to allow custom Mobile Security Access Server (MSAS)/Oracle Web Services Manager (OWSM) policies to work. This command belongs to Validation Template Commands category.
Description
Modifies the Security Token Service configuration to allow custom MSAS/OWSM policies to work.
Syntax
configureOWSMAgentSTS(<type>, <server="soa_server1">)
Argument | Definition |
---|---|
type | The type can be 'classpath' or 'policymanager'. If the OWSM policy manager service has to be seeded with STS policy, then pass in 'policymanager'. Otherwise, use 'password' and STS policies are picked from sts_policies.jar. |
server | Optional. If type=policymanager, enter the WLS managed server name where the OWSM Document Manager MBean is deployed. |
Example
configureOWSMAgentSTS("policymanager", server="omsm_server1")