2 Access Manager WLST Commands

Use these custom WebLogic Scripting Tool (WLST) commands to manage Oracle Access Management Access Manager related components such as authorization providers, identity asserters, and SSO providers. These commands allow you to display metrics and deployment topology, manage your server and agent configurations and logger settings.

The Access Manager Commands section lists the Oracle Access Management Access Manager WLST commands and their details.

2.1 Access Manager Commands

Table 2-1 WLST Access Manager Commands

| Use this command... | To... | Use with WLST... |
|---|---|---|
| displayAuthZCallBackKey | Generate and retrieve the key used to hash a resource URL in an authorization policy. | Online |
| updateCustomPages | Enables and disables custom error and login pages. | Online, Offline |
| createUserIdentityStore | Create a user identity store registration. | Online, Offline |
| editUserIdentityStore | Edit a user identity store registration. | Online, Offline |
| deleteUserIdentityStore | Delete a user identity store registration. | Online, Offline |
| displayUserIdentityStore | Display a user identity store registration. | Online |
| createOAMServer | Create an entry for an Access Manager Server configuration. | Online, Offline |
| editOAMServer | Edit the entry for an Access Manager Server configuration. | Online, Offline |
| deleteOAMServer | Delete the named Access Manager Server configuration. | Online, Offline |
| displayOAMServer | Display Access Manager Server configuration details. | Online, Offline |
| configurePersistentLogin | Enable or disable the Persistent Login feature. | Online |
| configOAMLoginPagePref | Configure the Access Manager login page user preferences. | Online |
| configRequestCacheType | Configure the SSO server request cache type. | Online |
| displayRequestCacheType | Display the SSO server request cache type entry. | Online, Offline |
| editOssoAgent | Edit OSSO Agent configuration details. | Online, Offline |
| deleteOssoAgent | Delete the named OSSO Agent configuration. | Online, Offline |
| displayOssoAgent | Display OSSO Agent configuration details. | Online, Offline |
| editWebgateAgent | Edit 10g WebGate Agent registration details. | Online, Offline |
| deleteWebgateAgent | Delete the named 10g WebGate Agent configuration. | Online, Offline |
| displayWebgateAgent | Display WebGate Agent configuration details. | Online, Offline |
| exportPolicy | Export Access Manager policy data from a test (source) to an intermediate Access Manager file. | Online |
| importPolicy | Import Access Manager policy data from the Access Manager file specified. | Online |
| importPolicyDelta | Import Access Manager policy changes from the Access Manager file specified. | Online |
| migratePartnersToProd | Migrate partners from the source Access Manager Server to the specified target Access Manager Server. | Online |
| exportPartners | Export the Access Manager partners from the source to the intermediate Access Manager file specified. | Online |
| importPartners | Import the Access Manager partners from the intermediate Access Manager file specified. | Online |
| displayTopology | List the details of deployed Access Manager Servers. | Online, Offline |
| configureOAAMPartner | Configure the Access Manager-Oracle Adaptive Access Manager basic integration. | Online |
| registerOIFDAPPartner | Register Identity Federation as Delegated Authentication Protocol (DAP) Partner. | Online, Offline |
| registerOIFDAPPartnerIDPMode | Registers Identity Federation in IDP mode. | |
| registerThirdPartyTAPPartner | Registers any third party as a Trusted Authentication Protocol (TAP) Partner. | Online |
| disableCoexistMode | Disable the Coexist Mode. | Online |
| enableOamAgentCoexist | Enables Coexist Mode for the Access Manager agent (enabling the Access Manager 11g server to own the Obssocookie set by 10g WebGate). | Online |
| disableOamAgentCoexist | Disables Coexist Mode for the Access Manager agent (disabling the Access Manager 11g server from the Obssocookie set by 10g WebGate). | Online |
| editGITOValues | Edit GITO configuration parameters. | Online |
| editWebgate11gAgent | Edit an 11g WebGate registration. | Online, Offline |
| deleteWebgate11gAgent | Remove an 11g WebGate Agent registration. | Online, Offline |
| displayWebgate11gAgent | Display an 11g WebGate Agent registration. | Online, Offline |
| displayOAMMetrics | Display metrics of Access Manager Servers. | Online, Offline |
| updateOIMHostPort (deprecated) | Update the Oracle Identity Manager configuration when integrated with Access Manager. | Online |
| configureOIM (deprecated) | Creates an Agent registration specific to Oracle Identity Manager when integrated with Access Manager. | Online |
| updateOSSOResponseCookieConfig | Updates OSSO Proxy response cookie settings. | Online |
| deleteOSSOResponseCookieConfig | Deletes OSSO Proxy response cookie settings. | Online |
| configureAndCreateIdentityStore | Configures an identity store and external user store. | Online |
| configAndCreateIdStoreUsingPropFile | Configures an identity store and external user store using values defined in a file. | Online |
| migrateArtifacts (deprecated) | Migrates artifacts based on the specified artifact file. | Online |
| displaySimpleModeGlobalPassphrase | Displays the simple mode global passphrase in plain text from the system configuration. | Online |
| exportSelectedPartners | Exports selected Access Manager Partners to the intermediate Access Manager file specified. | Online |
| oamMigrate | Migrates policies, authentication stores, and user stores from OSSO, OAM10g, OpenSSO, or AM 7.1 to OAM11g. | Online |
| preSchemeUpgrade | Invokes the preSchemeUpgrade operation. | Online |
| postSchemeUpgrade | Invokes the postSchemeUpgrade operation. | Online |
| oamSetWhiteListMode | Set to true and the Access Manager Server will redirect to the URLS specified in the WhiteListURL list only. | Online |
| oamWhiteListURLConfig | Add, update or remove whitelist URL entries from configuration file. | Online |
| enableMultiDataCentreMode | Enable Multi Data Centre Mode. | Online |
| disableMultiDataCentreMode | Disable Multi Data Centre Mode. | Online |
| setMultiDataCentreClusterName | Set the Multi Data Centre Cluster name. | Online |
| setMultiDataCentreLogoutURLs | Set the Multi Data Centre logout URLs. | Online |
| addPartnerForMultiDataCentre | Add partner for Multi Data Centre. | Online |
| removePartnerForMultiDataCentre | Remove partner from Multi Data Centre. | Online |
| addOAMSSOProvider | Add an OAM SSO provider. | Online |
| setDiscoveryProvider | Set the fully qualified classname for the given discovery provider. | Online |
| displayDiscoveryProvider | Display the fully qualified classname configured for the discovery provider. | Online |
| configurePluginMetadata | Add the plugin and plugin-metadata as given in the propFile in the oam-config.xml. | Online |

2.1.1 displayAuthZCallBackKey

The displayAuthZCallBackKey command is an online command that allows generation and retrieval of the key used to hash the resource URL that is returned during authorization when a success or failure URL is configured for the policy.

Description

Allows retrieval of the key used to hash the resource URL during authorization if already present. If the key is not present it is created and returned. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayAuthZCallBackKey()

Note:

There are no arguments for this command.

Example

The following example displays the hash key.

displayAuthZCallBackKey()

2.1.2 updateCustomPages

The updateCustomPages command is an online and offline command that enables and disables custom error and login page configuration.

Description

Adds a context path and page extension to oam-config.xml that points to the WAR containing the custom Error and login pages:

<Setting Name="ssoengine" Type="htf:map">
  <Setting Name="ErrorConfig" Type="htf:map">
    <Setting Name="ErrorMode" Type="xsd:string">EXTERNAL</Setting>
    <Setting Name="CustomPageExtension" Type="xsd:string">jsp</Setting>
    <Setting Name="CustomPageContext" Type="xsd:string">/SampleApp</Setting>
  </Setting>
</Setting>

Syntax

updateCustomPages(pageExtension="<fileExtension>", context="<contextPath>")
Argument Definition
context

Specifies the context path to the application; for example, /SampleApp.

pageExtension

Has a default value of "jsp" but can be left blank.

Example

To enable the Custom Error page functionality, use updateCustomPages with the context and pageExtension parameters. This will modify the oam-config.xml file and enable the custom page functionality.

updateCustomPages(pageExtension ="jsp", context="/SampleApp") 

To disable the Custom Error page functionality, use the command without parameters [updateCustomPages()]. This will undo the modifications made when the command is run with parameters.

2.1.3 createUserIdentityStore

The createUserIdentityStore command is an online and offline command that creates an identity store registration in the Access Manager system configuration.

Description

Creates an entry in the system configuration for a new user identity store registered with Access Manager. The scope of this command is an instance only; the scope is not an argument.

Syntax

createUserIdentityStore(name="<Name>", principal="<Principal>", 
credential="<Credential>", type="<Type>", userAttr="<userAttr>", 
ldapProvider="<ldapProvider>", userSearchBase="<userSearchBase>", 
ldapUrl="<ldapUrl>", isPrimary="<isPrimary>", isSystem="<isSystem>", 
userIDProvider="<userIDProvider>", roleSecAdmin="<roleSecAdmin>", 
roleSysMonitor="<roleSysMonitor>", roleAppAdmin="<roleAppAdmin>", 
roleSysManager="<roleSysManager>", roleSecAdminGroups="<roleSecAdminGroups>", 
roleSecAdminUsers="<roleSecAdminUsers>", groupSearchBase="<groupSearchBase>", 
supplementaryReturnAttributes="<supplementaryReturnAttributes>", 
domainHome="<domainHome>")
Argument Definition
name

Mandatory. Specifies the unique name of the LDAP identity store being created. Use only upper and lower case alpha characters and numbers.

principal

Mandatory. Specifies the Principal Administrator of the LDAP identity store being created. For example, cn=Admin.

credential

Mandatory. Specifies the password of the Principal for the LDAP identity store being created.

type

Mandatory. Specifies the type of the LDAP identity store being created. For this command, the value would be LDAP.

userAttr

Mandatory. Specifies the user attributes of the LDAP identity store being created.

ldapProvider

Mandatory. Specifies the type of the LDAP identity store being created. The value might be ODSEE, AD, OID, OVD, SJS, OUD, and the like. This value is defined when a new user identity store is created using the Access Manager Administration Console and corresponds with Store Type in the user identity store.

userSearchBase

Mandatory. Specifies the node under which user data is stored in the LDAP identity store being created. For example, cn=users.

groupSearchBase

Mandatory. Specifies the node under which group data is stored in the LDAP identity store being created. For example, cn=groups.

ldapUrl

Mandatory. Specifies the URL of the server host (including port number) of the LDAP identity store being created. For example, ldap://localhost:7001.

isPrimary

Optional. Specifies whether the LDAP identity store being created is the primary identity store. Takes true or false as a value.

isSystem

Optional. Specifies whether the LDAP identity store being created is the system store. Takes true or false as a value.

userIDProvider

Optional. Specifies the underlying infrastructure with which to connect to the identity store. Only supported type is OracleUserRoleAPI.

roleSecAdminGroups

Optional. Specifies one or more comma-delimited groups with Access Manager Console Administrator privileges. Needed if it is a System Store in which the IsSystem property is set to true.

roleSecAdminUsers

Optional. Specifies one or more comma-delimited users with Access Manager Console Administrator privileges. Needed if it is a System Store in which the IsSystem property is set to true.

roleSecAdmin

Optional. Specifies the Security Administrator of the LDAP identity store being created.

roleSysMonitor

Optional. Specifies the System Monitor of the LDAP identity store being created.

roleAppAdmin

Optional. Specifies the Application Administrator of the LDAP identity store being created.

roleSysManager

Optional. Specifies the System Manager of the LDAP identity store being created.

supplementaryReturnAttributes

Specifies a comma-delimited list of attributes that need to be retrieved as part of the User object. For example: ORCL_USR_ENC_FIRST_NAME,ORCL_USR_ENC_LAST_NAME,USR_USRNAME,ORCL_USR_CTY_CODE,ORCL_USR_LANG_CODE_S,ORCL_USR_JROLE_ID_S,ORCL_USR_IND_ID,ORCL_USR_COMP_REL_ID,ORCL_USR_ASCII_IND,ORCL_ORA_UCM_VER,ORCL_ORA_UCM_SRVC

domainHome 

Specifies the location for the WebLogic Server or the Cell Path for WebSphere. This parameter is mandatory for WebSphere.

Example

The following example registers a new Oracle Internet Directory user identity store definition for use with Access Manager.

createUserIdentityStore(name="Name1", principal="Principal1", 
credential="Credential1", type="Type1", userAttr="userAttr1", 
ldapProvider="ldapProvider", userSearchBase="userSearchBase", ldapUrl="ldapUrl", 
isPrimary="isPrimary", isSystem="isSystem", userIDProvider="userIDProvider", 
roleSecAdmin="<roleSecAdmin>", roleSysMonitor="<roleSysMonitor>",  
roleAppAdmin="<roleAppAdmin>", roleSysManager="<roleSysManager>", 
roleSecAdminGroups="<roleSecAdminGroups>", 
roleSecAdminUsers="<roleSecAdminUsers>", groupSearchBase="groupSearchBase", 
supplementaryReturnAttributes="supplementaryReturnAttributes", 
domainHome="domainHome1")
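
A pre-flight check for the createUserIdentityStore arguments described above, written in Python as an added example; it is not Oracle's code. The helper names (check_store_args, register_store), the sample values, and the acceptance of ldaps:// URLs are assumptions of this example; the rules it enforces are the ones stated in the argument list, and the credential is prompted for at run time instead of being stored in the script.

```python
import getpass
import re

try:
    from urllib.parse import urlparse      # Python 3
except ImportError:
    from urlparse import urlparse          # Python 2 style interpreters

# Argument names and rules come from the createUserIdentityStore argument
# list; everything else in this file is a hypothetical helper.
MANDATORY = ("name", "principal", "credential", "type", "userAttr",
             "ldapProvider", "userSearchBase", "groupSearchBase", "ldapUrl")
OPTIONAL = ("isPrimary", "isSystem", "userIDProvider", "roleSecAdmin",
            "roleSysMonitor", "roleAppAdmin", "roleSysManager",
            "roleSecAdminGroups", "roleSecAdminUsers",
            "supplementaryReturnAttributes", "domainHome")


def check_store_args(args):
    """Return (errors, warnings) for a dict of command arguments."""
    errors, warnings = [], []
    for key in sorted(args):
        if key not in MANDATORY and key not in OPTIONAL:
            errors.append("unknown argument: " + key)
    for key in MANDATORY:
        if not args.get(key):
            errors.append("missing mandatory argument: " + key)

    name = args.get("name")
    if name and not re.match(r"[A-Za-z0-9]+\Z", name):
        errors.append("name may contain only letters and numbers")
    if args.get("type") not in (None, "", "LDAP"):
        errors.append("type must be LDAP for this command")
    for key in ("isPrimary", "isSystem"):
        if key in args and args[key] not in ("true", "false"):
            errors.append(key + " takes true or false")
    if args.get("userIDProvider") not in (None, "OracleUserRoleAPI"):
        errors.append("userIDProvider: only OracleUserRoleAPI is supported")
    # This example's reading of "Needed if it is a System Store":
    # at least one of the two administrator lists must be present.
    if args.get("isSystem") == "true" and not (
            args.get("roleSecAdminGroups") or args.get("roleSecAdminUsers")):
        errors.append("system store needs roleSecAdminGroups or roleSecAdminUsers")

    url = args.get("ldapUrl")
    if url:
        parsed = urlparse(url)
        try:
            port = parsed.port
        except ValueError:                  # non-numeric or out-of-range port
            port = None
        # Accepting ldaps:// is an assumption; the page only shows ldap://.
        if (parsed.scheme not in ("ldap", "ldaps")
                or not parsed.hostname or port is None):
            errors.append("ldapUrl must look like ldap://host:port")
        elif parsed.scheme == "ldap":
            warnings.append("ldapUrl uses ldap://: the bind with the "
                            "principal's credential is not TLS-protected "
                            "by the URL scheme")
    return errors, warnings


def register_store(args, ask=getpass.getpass, command=None):
    """Prompt for the credential, validate, then call `command` if given.

    Inside a WLST session pass command=createUserIdentityStore; with
    command=None this is a dry run that only validates.
    """
    if "credential" in args:
        raise ValueError("do not store the credential in the script")
    full = dict(args)
    full["credential"] = ask("Password for " + str(args.get("principal")) + ": ")
    errors, warnings = check_store_args(full)
    if errors:
        raise ValueError("; ".join(errors))    # messages never echo the credential
    if command is not None:
        command(**full)
    return warnings


# Constructed sample values, not taken from a real deployment.
SAMPLE = {"name": "IdStore1", "principal": "cn=Admin", "type": "LDAP",
          "userAttr": "uid", "ldapProvider": "OID",
          "userSearchBase": "cn=users", "groupSearchBase": "cn=groups",
          "ldapUrl": "ldap://localhost:7001", "isPrimary": "false"}

if __name__ == "__main__":
    # Dry run without prompting: placeholder credential, no command called.
    print(check_store_args(dict(SAMPLE, credential="placeholder")))
```
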

2.1.4 editUserIdentityStore

The editUserIdentityStore command is an online and offline command that modifies an existing identity store registration for Access Manager.

Description

Changes one or more attributes of the user identity store registered with Access Manager. The scope of this command is an instance only; the scope is not an argument.

Syntax

editUserIdentityStore(name="<Name>", [ principal="<Principal>", 
credential="<Credential>", type="<Type>", userAttr="<userAttr>", 
ldapProvider="<ldapProvider>", roleSecAdmin="<roleSecAdmin>", 
roleSysMonitor="<roleSysMonitor>", roleSysManager="<roleSysManager>" , 
roleAppAdmin="<roleAppAdmin>", roleSecAdminGroups="<roleSecAdminGroups>", 
roleSecAdminUsers="<roleSecAdminUsers>", userSearchBase="<userSearchBase>", 
ldapUrl="<ldapUrl>", isPrimary="<isPrimary>", isSystem="<isSystem>", 
userIDProvider="<userIDProvider>" , groupSearchBase="<groupSearchBase>", 
domainHome="<domainHome>", userFilterObjectClasses="<userFilterObjectClasses>",  
groupFilterObjectClasses="<groupFilterObjectClasses>", 
referralPolicy="<referralPolicy>", searchTimeLimit="<searchTimeLimit>",  
minConnections="<minConnections>", maxConnections="<maxConnections>", 
connectionWaitTimeout="<connectionWaitTimeout>",  
connectionRetryCount="<connectionRetryCount>", groupNameAttr="<groupNameAttr>", 
groupCacheEnabled="<groupCacheEnabled>", groupCacheSize="<groupCacheSize>", 
groupCacheTTL="<groupCacheTTL>", 
supplementaryReturnAttributes="<supplementaryReturnAttributes>" ) 
Argument Definition
name

Mandatory. Specifies the unique name of the LDAP identity store being modified. Use only upper and lower case alpha characters and numbers.

principal

Specifies the Principal Administrator of the LDAP identity store being modified. For example, cn=Admin.

credential

Specifies the encrypted Password of the Principal Administrator for the LDAP identity store being modified.

type

Specifies the type of the base identity store being modified. For this command, the value would be LDAP.

userAttr

Mandatory. Specifies the user attributes of the LDAP identity store being modified.

ldapProvider

Mandatory. Specifies the LDAP type of the LDAP identity store being registered. The value might be ODSEE, AD, OID, OVD, SJS, OUD, and the like. This value is defined when a new user identity store is created using the Access Manager Administration Console and corresponds with Store Type in the user identity store.

roleSecAdminGroups

Optional. Specifies one or more comma-delimited groups with Access Manager Console Administrator privileges. Needed if it is a System Store in which the IsSystem property is set to true.

roleSecAdminUsers

Optional. Specifies one or more comma-delimited users with Access Manager Console Administrator privileges. Needed if it is a System Store in which the IsSystem property is set to true.

roleSecAdmin

Optional. Specifies the Security Administrator of the LDAP identity store being modified.

roleSysMonitor

Optional. Specifies the System Monitor of the LDAP identity store being modified.

roleAppAdmin

Optional. Specifies the Application Administrator of the LDAP identity store being modified.

roleSysManager

Optional. Specifies the System Manager of the LDAP identity store being modified.

userSearchBase

Mandatory. Specifies the node under which user data is stored in the LDAP identity store being modified. For example, cn=users.

groupSearchBase

Mandatory. Specifies the node under which group data is stored in the LDAP identity store being modified. For example, cn=groups.

ldapUrl

Mandatory. Specifies the URL of the server host (including port number) of the LDAP identity store being modified. For example, ldap://localhost:7001.

isPrimary

Optional. Specifies whether the LDAP identity store being modified is the primary identity store. Takes true or false as a value.

isSystem

Optional. Specifies whether the LDAP identity store being modified is the system store. Takes true or false as a value.

userIDProvider

Optional. Specifies the underlying infrastructure with which to connect to the identity store. Only supported type is OracleUserRoleAPI.

supplementaryReturnAttributes

Specifies a comma-delimited list of attributes that need to be retrieved as part of the User object. For example: ORCL_USR_ENC_FIRST_NAME,ORCL_USR_ENC_LAST_NAME,USR_USRNAME,ORCL_USR_CTY_CODE,ORCL_USR_LANG_CODE_S,ORCL_USR_JROLE_ID_S,ORCL_USR_IND_ID,ORCL_USR_COMP_REL_ID,ORCL_USR_ASCII_IND,ORCL_ORA_UCM_VER,ORCL_ORA_UCM_SRVC

domainHome 

Specifies the location for the WebLogic Server or the Cell Path for WebSphere. This parameter is mandatory for WebSphere. When offline, a value is mandatory; when online, it is optional.

userFilterObjectClasses

Mandatory. Specifies a list of user filter object classes (separated by semicolon).

groupFilterObjectClasses 

Specifies a list of group filter object classes (separated by semicolon).

referralPolicy 

Specifies an LDAP referral policy (either "follow", "ignore" or "throw").

searchTimeLimit 

Specifies the time limit in seconds for an LDAP Search operation.

minConnections 

Specifies the minimum number of connections in the connection pool.

maxConnections 

Specifies the maximum number of connections in the connection pool.

connectionWaitTimeout

Specifies the number of seconds to wait for obtaining a connection from the pool.

connectionRetryCount

Specifies the number of attempts to retry when establishing a connection to the identity store.

groupNameAttr

Specifies the name of the attribute to lookup the user groups. For example, ou=people,ou=myrealm,dc=base_domain.

groupCacheEnabled

A boolean that specifies whether to enable the LDAP group cache. Takes true or false as a value.

groupCacheSize

Specifies the number of entries in the LDAP group cache.

groupCacheTTL

Specifies the total time to live for each entry in the LDAP group cache.

Example

The following example changes the search base values for the registered identity store.

editUserIdentityStore(name="IdStore1", userSearchBase="cn=users", groupSearchBase="cn=groups")

2.1.5 displayUserIdentityStore

The displayUserIdentityStore command is an online command that displays user identity store registration information.

Description

Displays the information regarding the identity store registered with Access Manager. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayUserIdentityStore(name="<name>", domainHome="<domainHome>") 
Argument Definition
name

Mandatory. Specifies the name of the LDAP identity store registration to be displayed.

domainHome 

Specifies the location for the WebLogic Server or the Cell Path for WebSphere. This parameter is mandatory for WebSphere.

Example

The following example invocation for WebSphere displays registration details of the user identity store. To use this command in online mode with WebLogic, there is no need to specify the domainHome argument.

displayUserIdentityStore(name="ID_Store1", domainHome="domainHome1")

2.1.6 createOAMServer

The createOAMServer command is an online and offline command that creates an Access Manager Server entry in the system configuration.

Description

Creates an Access Manager Server registration. The details include the host, port, registration name, Access Manager Proxy port, server ID and, optionally, the OAM Proxy shared secret. The scope of this command is an instance only; the scope is not an argument.

Syntax

createOAMServer(configurationProfile="<configurationProfile>", host="<host>",port="<port>", oamProxyPort="<0000>", oamProxyServerID="<oamProxyServerID>",siteName="<siteName>", domainHome="<domainHome>")
Argument Definition
configurationProfile

Mandatory. Specifies the Configuration Profile of the OAM Server. The profile appears under Server Instances on the System Configuration tab in the Access Manager Administration Console.

host

Mandatory. Specifies the name of the Access Manager Server host.

port

Mandatory. Specifies the listening port of the Access Manager Server host.

oamProxyPort

Mandatory. Specifies the proxy port of the Access Manager Server host.

oamProxyServerID

Mandatory. Specifies the proxy server ID of the Access Manager Server host. The Access Manager Proxy name appears under the Access Manager Proxy sub tab of the server instance in the Access Manager Administration Console.

siteName

Mandatory. Specifies the siteName/serverName for the instance.

domainHome 

Specifies the location for the WebLogic Server or the Cell Path for WebSphere. This parameter is mandatory for WebSphere. When offline, a value is mandatory; when online, it is optional.

Example

The following example creates a configuration for my_host with listening port 15000. The configuration entry in the Access Manager Administration Console will be oam_server1. The Access Manager Proxy port is 3004 and the Access Manager Proxy Server ID is oamProxyServerID1.

createOAMServer(configurationProfile="oam_server1", host="my_host",
port="15000", oamProxyPort="3004", oamProxyServerID="oamProxyServerID1",
siteName="siteName1", domainHome="domainHome1")

2.1.7 editOAMServer

The editOAMServer command is an online and offline command that enables you to modify the details of an Access Manager Server registration.

Description

Modifies the specified parameter values of the registration for an Access Manager Server. The details may include the host, port, registration name, Access Manager Proxy port, server ID and, optionally, the Access Manager Proxy shared secret. The scope of this command is an instance only; the scope is not an argument.

Syntax

editOAMServer(configurationProfile="<configurationProfile>", host="<host>",port="<port>", oamProxyPort="<0000>", oamProxyServerID="<oamProxyServerID>",siteName="<siteName>", domainHome="<domainHome>")
Argument Definition
configurationProfile

Mandatory. Specifies the Configuration Profile of the Access Manager Server. The profile appears under Server Instances on the System Configuration tab in the Access Manager Administration Console.

host

Mandatory. Specifies the name of the Access Manager Server host.

port

Mandatory. Specifies the listening port of the Access Manager Server host.

oamProxyPort

Mandatory. Specifies the proxy port of the Access Manager Server host.

oamProxyServerID

Mandatory. Specifies the proxy server ID of the Access Manager Server host. The Access Manager Proxy name appears under the Access Manager Proxy sub tab of the server instance in the Access Manager Administration Console.

siteName

Mandatory. Specifies the siteName/serverName for the instance.

domainHome 

Specifies the location for the WebLogic Server or the Cell Path for WebSphere. This parameter is mandatory for WebSphere. When offline, a value is mandatory; when online, it is optional.

Example

You can use any of the optional attributes to change current settings. The following invocation enables you to add the Access Manager Proxy Server ID to the configuration entry oam_server1.

editOAMServer(configurationProfile="oam_server1", host="my_host",
port="15000", oamProxyPort="3004", oamProxyServerID="oamProxyServerID1",
siteName="siteName1", domainHome="domainHome1")

2.1.8 deleteOAMServer

The deleteOAMServer command is an online and offline command that enables you to delete the specified Access Manager Server registration.

Description

Deletes the specified Access Manager Server configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

deleteOAMServer(host="<host>", port="<port>", domainHome="<domainHome>")
Argument Definition
host

Mandatory. Specifies the name of the Access Manager Server host.

port

Mandatory. Specifies the listening port of the Access Manager Server host.

domainHome 

Specifies the location for the WebLogic Server or the Cell Path for WebSphere. This parameter is mandatory for WebSphere. When offline, a value is mandatory; when online, it is optional.

Example

The following example enables you to delete the oam_server1 Access Manager Server registration with listening port 15000.

deleteOAMServer(host="oam_server1", port="15000", domainHome="domainHome1")

2.1.9 deleteUserIdentityStore

The deleteUserIdentityStore command is an online and offline command that deletes an existing identity store registration for Access Manager.

Description

Deletes the identity store registration. The scope of this command is an instance only; the scope is not an argument.

Syntax

deleteUserIdentityStore(name="<name>", domainHome="<domainHome>") 
Argument Definition
name

Mandatory. Specifies the name of the LDAP identity store registration to be removed.

domainHome 

Specifies the location for the WebLogic Server or the Cell Path for WebSphere. This parameter is mandatory for WebSphere. When offline, a value is mandatory; when online, it is optional.

Example

The following example can be used on WebSphere and deletes the registration of the named identity store. To use this command in online mode with WebLogic Server, the domainHome argument need not be specified.

deleteUserIdentityStore(name="identity_store", domainHome="domainHome1")

2.1.10 displayOAMServer

The displayOAMServer command is an online and offline command that displays registration details for the specified Access Manager Server.

Description

Displays the registration details of the specified Access Manager Server, including the host, port, registration name, Access Manager Proxy port, server ID and, optionally, the Access Manager Proxy shared secret. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayOAMServer(host="<host>", port="<port>", domainHome="<domainHome>")
Argument Definition
host

Mandatory. Specifies the name of the Access Manager Server host.

port

Mandatory. Specifies the listening port of the Access Manager Server host.

domainHome 

Specifies the location for the WebLogic Server or the Cell Path for WebSphere. This parameter is mandatory for WebSphere. When offline, a value is mandatory; when online, it is optional.

Example

The following example displays the registration details of the my_host Access Manager Server.

displayOAMServer(host="my_host", port="15000", domainHome="domainHome1")

2.1.11 configurePersistentLogin

The configurePersistentLogin command is an online command used to enable or disable the Persistent Login feature.

Description

Enables or disables the Persistent Login feature.

Syntax

configurePersistentLogin(enable="true/false", 
 validityInDays="<#>", maxAuthnLevel="<#>", userAttribute="<userAttr>") 
Argument Definition
enable

Mandatory. Specify true or false.

validityInDays

Mandatory. Specifies the number of days that the user login will be persisted for a particular browser instance or device.

maxAuthnLevel

Mandatory. Specifies the maximum Authentication Level allowed after re-authenticating automatically through Persistent Login.

userAttribute

Mandatory. Specifies the user attribute with which Persistent Login properties will be stored.

Example

The following example enables Persistent Login for 30 days, with a maximum authentication level of 2, storing the Persistent Login properties in the obPSFTID user attribute.

configurePersistentLogin(enable="true", validityInDays="30", maxAuthnLevel="2",
 userAttribute="obPSFTID")

2.1.12 configOAMLoginPagePref

The configOAMLoginPagePref command is an online command that configures the Access Manager login page user preferences.

Description

Configures the Access Manager login page user preferences.

Syntax

configOAMLoginPagePref(persistentCookie="true", persistentCookieLifetime=14, 
langPrefCookieDomain="oracle.com", langPrefOrder="serverOverrideLangPref, 
oamPrefsCookie, browserAcceptLanguage, defaultLanguage", 
serverOverrideLanguage="en", defaultLanguage="en", 
applicationSupportedLocales="en,fr")
Argument Definition
persistentCookie

Mandatory. Boolean that defines whether the OAM_LANG_PREF cookie is persistent or non-persistent. Set to true or false.

persistentCookieLifetime

Mandatory. Lifetime of the OAM_LANG_PREF cookie if persistent.

langPrefCookieDomain

Mandatory. Defines the domain of the OAM_LANG_PREF cookie.

langPrefOrder

Mandatory. Decides the order of language precedence. Must be formatted as in the syntax and example. The allowed value set is (serverOverrideLangPref,oamPrefsCookie,browserAcceptLanguage,defaultLanguage).

"oamPrefsCookie, browserAcceptLanguage, serverOverrideLangPref"

serverOverrideLanguage

The server side language of Access Manager. Must be defined in language codes and selected from OAM supported languages. Default value is en.

defaultLanguage

The default language.

applicationSupportedLocales

Supported languages defined in a comma-delimited list. Setting applicationSupportedLocales="en,fr" ensures the OAM Login page will display a list of values containing French and English. The supported language codes are documented in Table 2-2 below.

Table 2-2 Language Codes For Login Pages

| Language Code | Language | Administrators |
|---|---|---|
| ar | Arabic | |
| cs | Czech | |
| da | Danish | |
| de | German | German |
| el | Greek | |
| en | English | English |
| es | Spanish | Spanish |
| fi | Finnish | |
| fr | French | French |
| fr-CA | Canadian French | Canadian French |
| he | Hebrew | |
| hr | Croatian | |
| hu | Hungarian | |
| it | Italian | Italian |
| ja | Japanese | Japanese |
| ko | Korean | Korean |
| nl | Dutch | |
| no | Norwegian | |
| pl | Polish | |
| pt-BR | Brazilian Portuguese | Brazilian Portuguese |
| pt | Portuguese | |
| ro | Romanian | |
| ru | Russian | |
| sk | Slovak | |
| sv | Swedish | |
| th | Thai | |
| tr | Turkish | |
| zh-CN | Simplified Chinese | Simplified Chinese |
| zh-TW | Traditional Chinese | Traditional Chinese |

Example

configOAMLoginPagePref(persistentCookie="true", persistentCookieLifetime=14, 
langPrefCookieDomain="oracle.com", langPrefOrder="serverOverrideLangPref, 
oamPrefsCookie, browserAcceptLanguage, defaultLanguage", 
serverOverrideLanguage="en", defaultLanguage="en", 
applicationSupportedLocales="en,fr")

This next example allows an administrator to revert back to the default behavior in which no language list of values is displayed.

configOAMLoginPagePref(persistentCookie="true", 
persistentCookieLifetime=14,langPrefCookieDomain="example.com", 
langPrefOrder="serverOverrideLangPref,oamPrefsCookie,browserAcceptLanguage,
defaultLanguage",serverOverrideLanguage="", 
defaultLanguage="en",applicationSupportedLocales="") 

2.1.13 configRequestCacheType

The configRequestCacheType command is an online and offline command that defines the SSO server request cache type in the system configuration.

Description

Defines the SSO server request cache type in the system configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

configRequestCacheType(type="<requestCacheType>", domainHome="<domainHome>") 
Argument Definition
type

Mandatory. Specifies the request cache type. Takes a value of BASIC or COOKIE.

domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example identifies the request cache type as Cookie:

configRequestCacheType(type="COOKIE") 

2.1.14 displayRequestCacheType

The displayRequestCacheType command is an online and offline command that displays the SSO server request cache type defined for the specified domain. The request cache type may be BASIC or COOKIE.

Description

Displays the SSO server request cache type entry defined for the specified domain. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayRequestCacheType(domainHome="<domainHome>")
Argument Definition
domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example will display the request cache type (BASIC or COOKIE) defined for the specified domain home.

displayRequestCacheType(domainHome="domainHome1") 

2.1.15 editOssoAgent

The editOssoAgent command is an online and offline command that enables you to modify the details of an OpenSSO (OSSO) Agent registration in the system configuration.

Description

Modifies OSSO Agent registration details including the Site Token, Success URL, Failure URL, Home URL, Logout URL, Start Date, End Date, Administrator ID, and Administrator Info. The scope of this command is an instance only; the scope is not an argument.

Syntax

editOssoAgent(agentName="<AgentName>", partnerId="<partnerId>",
siteToken="<siteToken>", siteName="<siteName>", successUrl="<successUrl>",
failureUrl="<failureUrl>", homeUrl="<homeUrl>", logoutUrl="<logoutUrl>",
startDate="<startDate>", endDate="<endDate>", adminId="<adminId>",
adminInfo="<AdminInfo>", domainHome="<domainHomeName>")
Argument Definition
agentName

Mandatory. Specifies the name of the OSSO Agent entry to be modified.

partnerId

Optional. Specifies the Agent Name of the OSSO agent instance.

siteToken

Optional. Specifies the Application Token used by the partner when requesting authentication.

siteName

Optional. Specifies the SiteName/ServerName for the OSSO agent instance.

successUrl

Optional. Specifies the redirect URL to be used by the OSSO Agent if authentication is successful.

failureUrl

Optional. Specifies the redirect URL to be used by the OSSO Agent if authentication fails.

homeUrl

Optional. Specifies the redirect URL to be used for the Home page after authentication.

logoutUrl

Optional. Specifies the redirect URL to be used when a user is logging out.

startDate

Optional. Specifies the first month, day, and year for which login to the application is allowed by the server.

endDate

Optional. Specifies the final month, day, and year for which login to the application is allowed by the server.

adminId

Optional. Specifies the administrator login ID for the OSSO Agent.

adminInfo

Optional. Specifies an administrator identifier for the OSSO Agent for tracking purposes.

domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example changes the Administrator ID and information in the registration entry for OSSOAgent1.

editOssoAgent(agentName = "OSSOAgent1", partnerId = "partnerId", 
siteToken = "siteToken", siteName = "siteName", successUrl="successUrl", 
failureUrl = "failureUrl", homeUrl="homeUrl", logoutUrl="logoutUrl", 
startDate = "2009-12-10", endDate = "2012-12-30", adminId = "345", 
adminInfo = "Agent11", domainHome="domainHome1")

2.1.16 deleteOssoAgent

The deleteOssoAgent command is an online and offline command that enables you to remove the specified OSSO Agent registration in the system configuration.

Description

Removes the specified OSSO Agent registration in the system configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

deleteOssoAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
Argument Definition
agentName

Mandatory. Specifies the name of the OSSO Agent entry to be removed.

domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example removes the OSSO Agent registration entry named OSSOAgent1.

deleteOssoAgent(agentName="OSSOAgent1", domainHome="domainHome1")

2.1.17 displayOssoAgent

The displayOssoAgent command is an online and offline command that displays the details of the specified OSSO Agent entry in the system configuration.

Description

Displays the details of the specified OSSO Agent entry in the Access Manager Administration Console. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayOssoAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
Argument Definition
agentName

Mandatory. Specifies the name of the OSSO Agent entry to be displayed.

domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example displays the OSSOAgent1 entry details.

displayOssoAgent(agentName="OSSOAgent1", domainHome="domainHome1")

2.1.18 editWebgateAgent

The editWebgateAgent command is an online and offline command that enables you to modify a Webgate 10g registration entry in the system configuration.

Description

Enables you to modify a Webgate 10g registration entry in the system configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

editWebgateAgent(agentName="<AgentName>",
accessClientPasswd="<accessClientPassword>", state="<state>", preferredHost="<host>",
aaaTimeOutThreshold="<aaaTimeoutThreshold>", security="<security>",
primaryCookieDomain="<primaryCookieDomain>", maxConnections="<maxConnections>",
maxCacheElems="<maxCacheElements>", cacheTimeout="<cacheTimeOut>",
cookieSessionTime="<cookieSessionTime>", maxSessionTime="<maxSessionTime>",
idleSessionTimeout="<idleSessionTimeout>", failoverThreshold="<failoverThreshold>",
domainHome="<domainHomeName>")
Argument Definition
agentName

Mandatory. Specifies the name of the WebGate Agent to be modified.

accessClientPasswd

Optional. Specifies the access client password of WebGate Agent.

state

Optional. Specifies whether the WebGate Agent is enabled or disabled with a value of either Enabled or Disabled, respectively.

preferredHost

Optional. Specifies the preferred host of the WebGate Agent. This prevents security holes that can be created if a host's identifier is not included in the Host Identifiers list. For virtual hosting, you must use the Host Identifiers feature.

aaaTimeOutThreshold

Optional. Specifies the number (in seconds) to wait for a response from the Access Manager run-time server. If this parameter is set, it is used as an application TCP/IP timeout instead of the default TCP/IP timeout. Default = -1 (default network TCP/IP timeout is used)

security

Optional. Specifies the level of transport security to and from the Access Manager run-time server. Takes as a value either open, simple, or cert.

primaryCookieDomain

Optional. Specifies the Web server domain on which the Access Manager Agent is deployed. For example, .acompany.com

maxConnections

Optional. Specifies the maximum number of connections that this Access Manager Agent can establish with the Access Manager Server. This number must be the same as (or greater than) the number of connections that are actually associated with this agent. Default = 1

maxCacheElems

Optional. Specifies the maximum number of elements maintained in the cache. Cache elements are URLs or Authentication Schemes. The value of this setting refers to the maximum consolidated count for elements in both of these caches. Default = 10000

cacheTimeout

Optional. Specifies the amount of time cached information remains in the Access Manager Agent cache when the information is neither used nor referenced. Default = 1800 (seconds)

cookieSessionTime

Optional. Specifies the amount of time that the ObSSOCookie persists. Default = 3600 (seconds)

maxSessionTime

Optional. Specifies the maximum amount of time in seconds that a user's authentication session is valid regardless of their activity. At the expiration of this time, the user is re-challenged for authentication. This is a forced logout. A value of 0 disables this timeout setting. Default = 3600 (seconds)

idleSessionTimeout

Specifies the location of the Domain Home. When Offline, a value is mandatory; when online, optional.

failoverThreshold

Optional. Specifies a number representing the point when this Access Manager Agent opens connections to a Secondary Access Manager Server. Default = 1

domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

You can alter any or all of the settings. Use the following example to change the Agent ID, state, maximum connections, Access Manager Server timeout, primary cookie domain, cache time out, cookie session timeout, maximum session timeout, idle session timeout, and failover threshold.

editWebgateAgent(agentName="WebgateAgent1", accessClientPasswd="welcome1",
state="Enabled", preferredHost="141.144.168.148:2001", aaaTimeOutThreshold = "10",
security="open", primaryCookieDomain="primaryCookieDomain", maxConnections="16",
maxCacheElems="10000", cacheTimeout="1800", cookieSessionTime="3600",
maxSessionTime="24", idleSessionTimeout="3600", failoverThreshold="1", 
domainHome="domainHome1")

2.1.19 deleteWebgateAgent

The deleteWebgateAgent command is an online and offline command that enables you to delete a Webgate_agent registration entry in the system configuration.

Description

Removes the specified Webgate_agent registration entry from the system configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

deleteWebgateAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
Argument Definition
agentName

Mandatory. Specifies the name of the WebGate Agent being deleted.

domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example removes the WebGate Agent named WebgateAgent1.

deleteWebgateAgent(agentName="WebgateAgent1", domainHome="domainHome1")

2.1.20 displayWebgateAgent

The displayWebgateAgent command is an online and offline command that displays all details of the specified Webgate_agent registration entry in the Access Manager Administration Console.

Description

Displays all details of the specified Webgate_agent registration entry in the Access Manager Administration Console. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayWebgateAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
Argument Definition
agentName

Mandatory. Specifies the name of the WebGate Agent being displayed.

domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example displays entry details for WebgateAgent1.

displayWebgateAgent(agentName="WebgateAgent1", domainHome="domainHome1")

2.1.21 exportPolicy

The exportPolicy command is an online command that exports Access Manager policy data from a test (source) environment to the intermediate Access Manager file specified.

Description

Exports Access Manager policy data from a test (source) environment to the intermediate Access Manager file. The scope of this command is an instance only; the scope is not an argument.

Syntax

exportPolicy(pathTempOAMPolicyFile="<absoluteFilePath>")
Argument Definition
pathTempOAMPolicyFile 

Mandatory. Specifies the absolute path to the temporary Access Manager file.

Example

The following example specifies the path to the tempfile.txt file used when exporting policy data from a test (source) environment.

exportPolicy(pathTempOAMPolicyFile="/exampleroot/parent/tempfile.txt") 

2.1.22 importPolicy

The importPolicy command is an online command that imports the Access Manager policy data from the specified Access Manager file.

Description

Imports the Access Manager policy data from the specified Access Manager file. The scope of this command is an instance only; the scope is not an argument.

Syntax

importPolicy(pathTempOAMPolicyFile="<absoluteFilePath>")
Argument Definition
pathTempOAMPolicyFile 

Mandatory. Specifies the absolute path to the temporary Access Manager file.

Example

The following example specifies the path to the tempfile.txt file used when importing policy data to a production (target) environment.

importPolicy(pathTempOAMPolicyFile="/exampleroot/parent/tempfile.txt") 

2.1.23 importPolicyDelta

The importPolicyDelta command is an online command that imports the Access Manager policy changes from the specified Access Manager file.

Description

Imports the Access Manager policy changes from the specified Access Manager file. The scope of this command is an instance only; the scope is not an argument.

Syntax

importPolicyDelta(pathTempOAMPolicyFile="<absoluteFilePath>")
Argument Definition
pathTempOAMPolicyFile 

Mandatory. Specifies the absolute path to the temporary Access Manager file.

Example

The following example specifies the path to the tempfile_delta.txt file used when importing changed policy data to a production (target) environment.

importPolicyDelta(pathTempOAMPolicyFile="/exampleroot/parent/tempfile_delta.txt") 

2.1.24 migratePartnersToProd

The migratePartnersToProd command is an online command that migrates partners from the current (source) Access Manager Server to the specified (target) Access Manager Server.

Description

Migrates partners from the current (source) Access Manager Server to the specified (target) Access Manager Server. The scope of this command is an instance only; the scope is not an argument.

Syntax

migratePartnersToProd(prodServerHost="<host>", prodServerPort="<port>", 
prodServerAdminUser="<user>", prodServerAdminPwd="<passwd>")
Argument Definition

prodServerHost

Host name of the target Access Manager Server to which partners are to be migrated.

prodServerPort

Port of the target Access Manager Server to which partners are to be migrated.

prodServerAdminUser

Administrator of the target Access Manager Server to which partners are to be migrated.

prodServerAdminPwd

Target Access Manager Server administrator's password.

Example

The following example specifies the required information for partner migration.

migratePartnersToProd(prodServerHost="myhost", prodServerPort="1234", 
prodServerAdminUser="weblogic", prodServerAdminPwd="welcome")

2.1.25 exportPartners

The exportPartners command is an online command that exports Access Manager partners from the source to the Access Manager file specified.

Description

Exports the Access Manager partners from the source to the Access Manager file specified. The scope of this command is an instance only; the scope is not an argument.

Syntax

exportPartners(pathTempOAMPartnerFile="<absoluteFilePath>")
Argument Definition
pathTempOAMPartnerFile

Mandatory. Specifies the absolute path to the temporary Access Manager file.

Example

The following example specifies the absolute path to the Access Manager partners file.

exportPartners(pathTempOAMPartnerFile="/exampleroot/parent/tempfile_partners.xml")

2.1.26 importPartners

The importPartners command is an online command that imports Access Manager partners from the specified Access Manager file.

Description

Imports the Access Manager partners from the specified Access Manager file. The scope of this command is an instance only; the scope is not an argument.

Syntax

importPartners(pathTempOAMPartnerFile="<absoluteFilePath>")
Argument Definition

pathTempOAMPartnerFile

Mandatory. Specifies the path to the temporary Access Manager partner file.

Example

The following example specifies the absolute path to the Access Manager file from which the partners will be imported.

importPartners(pathTempOAMPartnerFile="/exampleroot/parent/tempfile_partners.xml")

2.1.27 displayTopology

The displayTopology command is an online and offline command that displays information about all Access Manager Servers in a deployment.

Description

Lists the topology of deployed Access Manager Servers.

Syntax

displayTopology(domainHome="<domainHomeName>")
Argument Definition
domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example lists the details of all deployed Access Manager Servers in the specified domain home.

displayTopology(domainHome="domainHome1")

2.1.28 configureOAAMPartner

The configureOAAMPartner command is an online command that configures the basic integration of Access Manager and Oracle Adaptive Access Manager (OAAM).

Description

Configures the basic integration of Access Manager and OAAM. The scope of this command is an instance only; the scope is not an argument.

Syntax

configureOAAMPartner(dataSourceName="<dataSourceName>", hostName="<hostName>", 
port="<port>", serviceName="<serviceName>", userName="<userName>", 
passWord="<passWord>", maxConnectionSize="<maxConnectionSize>", 
maxPoolSize="<maxPoolSize>", serverName="<serverName>")
Argument Definition

dataSourceName

Mandatory. Specifies the name of the data source to be created.

hostName

Mandatory. Specifies the name of the database host.

port

Mandatory. Specifies the database port number.

serviceName

Mandatory. Specifies the database service name.

userName

Mandatory. Specifies the OAAM schema name.

passWord

Mandatory. Specifies the OAAM schema password.

maxConnectionSize

Optional. Specifies the maximum connection reserve time out size.

maxPoolSize

Optional. Specifies the maximum size for the connection pool.

serverName

Optional. Specifies the target server for the data source.

Example

The following example configures a basic integration for Access Manager and OAAM.

configureOAAMPartner(dataSourceName="MyOAAMDS", hostName="host.example.com",
port="1521", serviceName="service1", userName="username", passWord="password",
maxConnectionSize=None, maxPoolSize=None, serverName="oam_server1")

2.1.29 registerOIFDAPPartner

The registerOIFDAPPartner command is an online and offline command that registers Oracle Access Management Identity Federation (Identity Federation) as a Delegated Authentication Protocol (DAP) Partner.

Description

Registers Identity Federation as Delegated Authentication Protocol (DAP) Partner. The scope of this command is an instance only; the scope is not an argument.

Syntax

registerOIFDAPPartner(keystoreLocation="/scratch/keystore",
logoutURL="http://<oifhost>:<oifport>/fed/user/splooam11g?doneURL=http(s)://<oamhost>:<oamport>/oam/server/pages/logout.jsp",
rolloverTime="nnn")
Argument Definition

keystoreLocation

Mandatory. Specifies the location of the Keystore file (generated at the Identity Federation Server).

logoutURL

Mandatory. Specifies the logout URL for the Identity Federation server.

rolloverTime

Optional. Specifies the amount of time in seconds for which the keys used to encrypt/decrypt SASSO tokens can be rolled over.

Example

The following example illustrates the use of the parameters.

registerOIFDAPPartner(keystoreLocation="/scratch/keystore",
logoutURL="http(s)://oif.mycompany.com:1234/fed/user/splooam11g?doneURL=http(s)://oam.mycompany.com:5678/oam/server/pages/logout.jsp",
rolloverTime="500")

2.1.30 registerOIFDAPPartnerIDPMode

The registerOIFDAPPartnerIDPMode command is an online and offline command that registers Identity Federation as a Delegated Authentication Protocol (DAP) Partner in IDP Mode.

Description

Registers Identity Federation as Delegated Authentication Protocol (DAP) Partner in IDP Mode. The scope of this command is an instance only; the scope is not an argument.

Syntax

registerOIFDAPPartnerIDPMode(logoutURL="http://<oifhost>:<oifport>/fed/user/sploosso?doneURL=http://<oamhost>:<oamport>/ngam/server/pages/logout.jsp")
Argument Definition

logoutURL

Mandatory. Specifies the logout URL for the Identity Federation server.

Example

The following example illustrates the use of the logout URL parameter.

registerOIFDAPPartnerIDPMode(
logoutURL="http://oif.oracle.com:1234/fed/user/sploosso?doneURL=http://oam.oracle.com:5678/ngam/server/pages/logout.jsp")

2.1.31 registerThirdPartyTAPPartner

The registerThirdPartyTAPPartner command is an online command that registers any third party as a Trusted Authentication Protocol (TAP) Partner.

Description

Registers any third party as a Trusted Authentication Protocol (TAP) Partner.

Syntax

registerThirdPartyTAPPartner(partnerName="ThirdPartyTAPPartner", 
keystoreLocation="/scratch/DAPKeyStore/mykeystore.jks", 
password="test", tapTokenVersion="v2.0", tapScheme="TAPScheme", 
tapRedirectUrl="http://thirdpartyserverhost:port/loginPage.jsp")
Argument Definition
partnerName 

Mandatory. Specifies the name of the partner. Can be any name used to identify the third party partner.

keystoreLocation 

Mandatory. Specifies the location of the keystore file.

password 

Mandatory. Specifies the password for the keystore file.

tapTokenVersion

Mandatory. Specifies the version of the Trusted Authentication Protocol.

tapScheme

Optional. Specifies the name of the TAP scheme used to protect the resource. The out-of-the-box scheme is TAPScheme.

tapRedirectUrl

Optional. Specifies the TAP challenge URL to which the credential collector will be redirected.

Example

The following example illustrates the use of the parameters.

registerThirdPartyTAPPartner(partnerName = "ThirdPartyTAPPartner", 
keystoreLocation="/scratch/DAPKeyStore/mykeystore.jks", 
password="test", tapTokenVersion="v2.0", tapScheme="TAPScheme", 
tapRedirectUrl="http://thirdpartyserverhost:port/loginPage.jsp")
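Several commands in this chapter take a password as a keyword argument, and the examples pass it as a string literal. The following added example (not Oracle code) scans a WLST script for that pattern before the script is committed or shared. It assumes the script parses as Python 3; the function name, the sample script and the TAP_KEYSTORE_PWD variable are hypothetical.

```python
import ast

# Added example (not Oracle code). Password-bearing keyword arguments of the
# commands documented in this chapter, copied from their Syntax entries.
SECRET_ARGS = {
    "editWebgateAgent": ("accessClientPasswd",),
    "editWebgate11gAgent": ("accessClientPasswd",),
    "migratePartnersToProd": ("prodServerAdminPwd",),
    "configureOAAMPartner": ("passWord",),
    "registerThirdPartyTAPPartner": ("password",),
}


def _is_text(node):
    """True for a non-empty string literal."""
    return (isinstance(node, ast.Constant) and isinstance(node.value, str)
            and node.value != "")


def find_embedded_secrets(source, filename="<wlst-script>"):
    """Return sorted (line, command, argument, kind) tuples.

    kind is "literal" when the password is written in the call itself and
    "variable" when it is a name that the script assigns from a string
    literal. Values read at run time (environment, prompt) are not reported.
    """
    tree = ast.parse(source, filename)
    # Pass 1: names bound directly to string literals anywhere in the script.
    literal_names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and _is_text(node.value):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    literal_names.add(target.id)
    # Pass 2: calls to the documented commands.
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call) or not isinstance(node.func, ast.Name):
            continue
        for keyword in node.keywords:
            if keyword.arg not in SECRET_ARGS.get(node.func.id, ()):
                continue
            value = keyword.value
            if _is_text(value):
                kind = "literal"
            elif isinstance(value, ast.Name) and value.id in literal_names:
                kind = "variable"
            else:
                continue
            findings.append((value.lineno, node.func.id, keyword.arg, kind))
    return sorted(findings)


# Constructed WLST script used as sample input; TAP_KEYSTORE_PWD is a
# hypothetical environment variable name.
SAMPLE_SCRIPT = '''\
import os
adminPwd = "welcome"
migratePartnersToProd(prodServerHost="myhost", prodServerPort="1234",
    prodServerAdminUser="weblogic", prodServerAdminPwd=adminPwd)
editWebgateAgent(agentName="WebgateAgent1", accessClientPasswd="welcome1")
registerThirdPartyTAPPartner(partnerName="ThirdPartyTAPPartner",
    keystoreLocation="/scratch/DAPKeyStore/mykeystore.jks",
    password=os.environ["TAP_KEYSTORE_PWD"], tapTokenVersion="v2.0")
'''

if __name__ == "__main__":
    for line, command, argument, kind in find_embedded_secrets(SAMPLE_SCRIPT):
        print("line %d: %s(%s=...) uses an embedded %s" % (line, command, argument, kind))
```

The third call in the sample is not reported because its password is read from the environment at run time.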

2.1.32 disableCoexistMode

The disableCoexistMode command is an online command that disables Coexist Mode.

Description

Disables Coexist Mode. The scope of this command is an instance only; the scope is not an argument. There are no arguments for this command.

Syntax

disableCoexistMode()

Example

The following example disables Coexist Mode.

disableCoexistMode()

2.1.33 enableOamAgentCoexist

The enableOamAgentCoexist command is an online command that enables coexist mode for the Access Manager agent (enabling the Access Manager 11g server to own the ObSSOCookie set by 10g WebGate).

Description

Enables Coexist Mode for the Access Manager agent. The scope of this command is an instance only; the scope is not an argument. There are no arguments for this command.

Syntax

enableOamAgentCoexist()

Example

The following example enables the Coexist Mode.

enableOamAgentCoexist()

2.1.34 disableOamAgentCoexist

The disableOamAgentCoexist command is an online command that disables coexist mode for the Access Manager agent.

Description

Disables the Coexist Mode for the Access Manager agent. The scope of this command is an instance only; the scope is not an argument. There are no arguments for this command.

Syntax

disableOamAgentCoexist()

Example

The following invocation disables the Coexist Mode.

disableOamAgentCoexist()

2.1.35 editGITOValues

The editGITOValues command is an online and offline command that edits GITO configuration parameters.

Description

Edits GITO configuration parameters. The scope of this command is an instance only; the scope is not an argument.

Syntax

editGITOValues(gitoEnabled="true", gitoCookieDomain=".abc.com", 
gitoCookieName="ABC", gitoVersion="v1.0", gitoTimeout="20", 
gitoSecureCookieEnabled="false", domainHome="/abc/def/ijk")
Argument Definition

gitoEnabled

Allows (or denies) user to set GITO enabled property. Takes a value of true or false.

gitoCookieDomain

Mandatory. Specifies the GITO cookie domain.

gitoCookieName

Optional. Specifies the cookie name.

gitoVersion

Optional. Specifies the GITO version. Takes ONLY v1.0 or v3.0.

gitoTimeout

Optional. Specifies the GITO timeout value.

gitoSecureCookieEnabled

Optional. Enables the GITO cookie enabled property. Takes a value of true or false.

domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example edits the GITO configuration parameters.

editGITOValues(gitoEnabled="true", gitoCookieDomain=".abc.com", 
gitoCookieName="ABC", gitoVersion="v1.0", gitoTimeout="20", 
gitoSecureCookieEnabled="false", domainHome="/abc/def/ijk")

2.1.36 editWebgate11gAgent

The editWebgate11gAgent command is an online and offline command that edits an 11g Webgate_entry registration in the system configuration.

Description

Edits an 11g Webgate_entry registration in the system configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

editWebgate11gAgent(agentName="<AgentName>",
accessClientPasswd="<accessClientPassword>", state="<state>", preferredHost="<host>",
aaaTimeoutThreshold="<aaaTimeOutThreshold>", security="<security>",
logOutUrls="<logOutUrls>", maxConnections="<maxConnections>",
maxCacheElems="<maxCacheElements>", cacheTimeout="<cacheTimeOut>",
logoutCallbackUrl="<logoutCallbackUrl>", maxSessionTime="<maxSessionTime>",
logoutRedirectUrl="<logoutRedirectUrl>", failoverThreshold="<failoverThreshold>",
tokenValidityPeriod="<tokenValidityPeriod>",
logoutTargetUrlParamName="<logoutTargetUrlParamName>", domainHome="<domainHome>",
allowManagementOperations="<allowManagementOperations>",
allowTokenScopeOperations="<allowTokenScopeOperations>",
allowMasterTokenRetrieval="<allowMasterTokenRetrieval>",
allowCredentialCollectorOperations="<allowCredentialCollectorOperations>")
Argument Definition
agentName

Mandatory. Specifies the name of the 11g WebGate Agent to be modified.

accessClientPasswd

Optional. Specifies the unique client password for this WebGate Agent.

state

Optional. Specifies whether the WebGate Agent is enabled or disabled with a value of either Enabled or Disabled, respectively.

preferredHost

Optional. Specifies the preferred host of the WebGate Agent. This prevents security holes that can be created if a host's identifier is not included in the Host Identifiers list. For virtual hosting, you must use the Host Identifiers feature.

aaaTimeoutThreshold

Optional. Specifies the number (in seconds) to wait for a response from the Access Manager run-time server. If this parameter is set, it is used as an application TCP/IP timeout instead of the default TCP/IP timeout. Default = -1 (default network TCP/IP timeout is used)

security

Optional. Specifies the level of transport security to and from the Access Manager run-time server. Takes as a value either open, simple, or cert.

logOutUrls

List of URLs that trigger the logout handler, which removes the ObSSOCookie.

maxConnections

Optional. Specifies the maximum number of connections that this Access Manager Agent can establish with the Access Manager Server. This number must be the same as (or greater than) the number of connections that are actually associated with this agent. Default = 1

maxCacheElems

Optional. Specifies the maximum number of elements maintained in the cache. Cache elements are URLs or Authentication Schemes. The value of this setting refers to the maximum consolidated count for elements in both of these caches. Default = 10000

cacheTimeout

Optional. Specifies the amount of time cached information remains in the Access Manager Agent cache when the information is neither used nor referenced. Default = 1800 (seconds)

logoutCallbackUrl

The URL to oam_logout_success, which clears cookies during the call back. By default, this is based on the Agent base URL supplied during agent registration. For example:

http://<host>:<port>

maxSessionTime

Optional. Specifies the maximum amount of time in seconds that a user's authentication session is valid regardless of their activity. At the expiration of this time, the user is re-challenged for authentication. This is a forced logout. A value of 0 disables this timeout setting. Default = 3600 (seconds)

logoutRedirectUrl

Optional. Specifies the URL (absolute path) to the central logout page (logout.html). By default, this is based on the Access Manager Administration Console host name with a default port of 14200.

failoverThreshold

Optional. Specifies a number representing the point when this Access Manager Agent opens connections to a Secondary Access Manager Server. Default = 1

tokenValidityPeriod

Optional. Specifies the amount of time in seconds that a user's authentication session remains valid without accessing any Access Manager Agent protected resources.

logoutTargetUrlParamName

Optional. The value for this is the Logout Target URL to be invoked on logout and configured at the OPSS level.

domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

allowManagementOperations

Optional. Sets the flag for Allow Management Operations.

allowTokenScopeOperations

Optional. Sets the flag for Allow Token Scope Operations.

idleSessionTimeout

Optional. Specifies the

allowMasterTokenRetrieval

Sets the flag for Allow Master Token Retrieval.

allowCredentialCollectorOperations

Sets the flag for Allow Credential Collector Operations.

Example

The following example uses all mandatory and optional parameters.

editWebgate11gAgent(agentName="WebgateAgent1", accessClientPasswd="welcome1",
state="Enabled", preferredHost="141.144.168.148:2001", aaaTimeoutThreshold="10",
security="open", logOutUrls="http://host1.oracle.com:1234", maxConnections = "16",
maxCacheElems="10000", cacheTimeout="1800", 
logoutCallbackUrl="http://host2.oracle.com:1234",
maxSessionTime="24", logoutRedirectUrl="logoutRedirectUrl", 
failoverThreshold="1", tokenValidityPeriod="tokenValidityPeriod",
logoutTargetUrlParamName="logoutTargetUrl", domainHome="domainHome1",
allowManagementOperations="false", allowTokenScopeOperations="false", 
allowMasterTokenRetrieval="false", allowCredentialCollectorOperations="false")
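The 10g and 11g edit commands differ in small ways that are easy to get wrong in a script, for example aaaTimeOutThreshold in editWebgateAgent versus aaaTimeoutThreshold in editWebgate11gAgent. The following added example (not Oracle code) reviews a set of keyword arguments against the names and value domains documented on this page before they are passed to WLST; the function name, the message texts and the choice of warnings are assumptions.

```python
# Added example (not Oracle code): review keyword arguments for
# editWebgateAgent / editWebgate11gAgent before running them in WLST.
# Argument names and value domains are taken from this page.

FLAGS = ("allowManagementOperations", "allowTokenScopeOperations",
         "allowMasterTokenRetrieval", "allowCredentialCollectorOperations")
# idleSessionTimeout is listed in the 11g argument table but not in its
# syntax line; it is accepted for both commands here.
COMMON = set(["agentName", "accessClientPasswd", "state", "preferredHost",
              "security", "maxConnections", "maxCacheElems", "cacheTimeout",
              "maxSessionTime", "idleSessionTimeout", "failoverThreshold",
              "domainHome"])
KNOWN = {
    # 10g spelling: aaaTimeOutThreshold (capital O)
    "editWebgateAgent": COMMON | set(
        ["aaaTimeOutThreshold", "primaryCookieDomain", "cookieSessionTime"]),
    # 11g spelling: aaaTimeoutThreshold (lower-case o)
    "editWebgate11gAgent": COMMON | set(FLAGS) | set(
        ["aaaTimeoutThreshold", "logOutUrls", "logoutCallbackUrl",
         "logoutRedirectUrl", "tokenValidityPeriod",
         "logoutTargetUrlParamName"]),
}
ENUMS = {"state": ("Enabled", "Disabled"),
         "security": ("open", "simple", "cert")}
# Arguments documented as counts or seconds, with the lowest accepted value.
# Only the two AAA timeouts document -1 (use the network default).
NUMERIC = {"aaaTimeOutThreshold": -1, "aaaTimeoutThreshold": -1,
           "maxConnections": 0, "maxCacheElems": 0, "cacheTimeout": 0,
           "cookieSessionTime": 0, "maxSessionTime": 0,
           "failoverThreshold": 0, "tokenValidityPeriod": 0}


def review_webgate_args(command, **kwargs):
    """Return (errors, warnings) as two lists of strings."""
    errors, warnings = [], []
    known = KNOWN[command]
    by_lower = dict((name.lower(), name) for name in known)
    for name in sorted(kwargs):
        if name not in known:
            hint = by_lower.get(name.lower())
            if hint:
                errors.append("%s: unknown argument, did you mean %s?"
                              % (name, hint))
            else:
                errors.append("%s: not an argument of %s" % (name, command))
    if not kwargs.get("agentName"):
        errors.append("agentName: mandatory")
    for name in sorted(ENUMS):
        value = kwargs.get(name)
        if value is not None and value not in ENUMS[name]:
            errors.append("%s: must be one of %s"
                          % (name, ", ".join(ENUMS[name])))
    for name in sorted(NUMERIC):
        if name not in kwargs:
            continue
        try:
            number = int(kwargs[name])
        except (TypeError, ValueError):
            errors.append("%s: must be an integer" % name)
            continue
        if number < NUMERIC[name]:
            errors.append("%s: must be >= %d" % (name, NUMERIC[name]))
    # Settings that are valid but deserve a second look before they go live.
    if kwargs.get("security") == "open":
        warnings.append(
            "security: open mode leaves agent-to-server traffic unencrypted")
    if str(kwargs.get("maxSessionTime", "")).strip() == "0":
        warnings.append(
            "maxSessionTime: 0 disables the forced re-authentication timeout")
    for name in FLAGS:
        if str(kwargs.get(name, "false")).lower() == "true":
            warnings.append("%s: enabled, confirm this agent needs it" % name)
    return errors, warnings


if __name__ == "__main__":
    # Constructed input: 10g spelling of the AAA timeout used with the 11g command.
    errs, warns = review_webgate_args(
        "editWebgate11gAgent", agentName="WebgateAgent1", security="open",
        aaaTimeOutThreshold="10", maxSessionTime="0")
    for message in errs + warns:
        print(message)
```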

2.1.37 deleteWebgate11gAgent

The deleteWebgate11gAgent command is an online and offline command that enables you to remove an 11g Webgate_agent entry in the system configuration.

Description

Removes an 11g Webgate_agent entry in the system configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

deleteWebgate11gAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
Argument Definition
agentName

Mandatory. Specifies the name of the 11g WebGate Agent to be removed.

domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example removes the 11g Webgate_agent entry named my_11gWebGate.

deleteWebgate11gAgent(agentName="my_11gWebGate", domainHome="domainHome1")

2.1.38 displayWebgate11gAgent

The displayWebgate11gAgent command is an online and offline command that enables you to display an 11g Webgate_agent registration entry.

Description

Displays an 11g WebGate Agent registration entry. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayWebgate11gAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
Argument Definition
agentName

Mandatory. Specifies the name of the 11g WebGate Agent to be displayed.

domainHome

Specifies the location for the WebLogic Server, or the Cell Path for WebSphere. This parameter is mandatory for WebSphere. When offline, a value is mandatory; when online, optional.

Example

The following example displays the WebGate Agent named my_11gWebGate:

displayWebgate11gAgent(agentName="my_11gWebGate", domainHome="domainHome1")

2.1.39 displayOAMMetrics

The displayOAMMetrics command is an online and offline command that enables the display of metrics for Access Manager Servers.

Description

Enables the display of metrics for Access Manager Servers. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayOAMMetrics(domainHome="<domainHomeName>")
Argument Definition
domainHome

Specifies the location for the WebLogic Server, or the Cell Path for WebSphere. This parameter is mandatory for WebSphere. When offline, a value is mandatory; when online, optional.

Example

The following example displays the metrics for Access Manager Servers in the specified domain.

displayOAMMetrics(domainHome="domainHome1") 

2.1.40 updateOIMHostPort (deprecated)

DEPRECATED - Online only command that updates the Oracle Identity Manager configuration when integrated with Access Manager.

Description

Updates the Identity Manager configuration in the system configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

updateOIMHostPort(hostName="<host name>", port="<port number>", secureProtocol="true")
Argument Definition

hostName

Name of the Identity Manager host.

port

Port of the Identity Manager host.

secureProtocol

Takes a value of true or false depending on whether communication is through HTTP or HTTPS.

Example

The following example illustrates this command.

updateOIMHostPort(hostName="OIM.oracle.com", port="7777", secureProtocol="true") 

2.1.41 configureOIM (deprecated)

DEPRECATED - Online only command that registers an agent profile specific to Oracle Identity Manager when integrated with Access Manager.

Description

Creates an Agent profile specific to Oracle Identity Manager when integrated with Access Manager. The scope of this command is an instance only; the scope is not an argument.

Syntax

configureOIM(oimHost="<OIM host>", oimPort="<port>", 
oimSecureProtocolEnabled="true | false", oimAccessGatePwd="<AccessGatePassword>", 
oimCookieDomain="<OIMCookieDomain>", oimWgId="<OIMWebgateID>", 
oimWgVersion="<OIMWebgateVersion>")
Argument Definition

oimHost

Name of the Oracle Identity Manager host. In the case of EDG, the front ending LBR hostname of the OIM Cluster.

oimPort

Port of the Oracle Identity Manager Managed Server. In the case of EDG, the front ending LBR port of the OIM Managed Server Cluster.

oimSecureProtocolEnabled

Takes a value of true or false depending on whether communication is through HTTP or HTTPS.

oimAccessGatePwd

If provided, the agent password for Open mode.

oimCookieDomain

Domain in which the cookie is to be set.

oimWgId

Agent registration name.

oimWgVersion

Possible values are 10g or 11g. If not provided, default is 10g.

Example

The following example illustrates this command.

configureOIM(oimHost="oracle.com", oimPort="7777", oimSecureProtocolEnabled="true",
oimAccessGatePwd = "welcome", oimCookieDomain = "domain1",
oimWgId="<OIM Webgate ID>", oimWgVersion="10g")

2.1.42 updateOSSOResponseCookieConfig

The updateOSSOResponseCookieConfig command is an online and offline command that updates the OSSO Proxy response cookie settings.

Description

Updates OSSO Proxy response cookie settings. The scope of this command is an instance only; the scope is not an argument.

Syntax

updateOSSOResponseCookieConfig(cookieName="<cookieName>",cookieMaxAge="<cookie age in minutes>", isSecureCookie="true | false",cookieDomain="<domain of the cookie>", domainHome="<domainHomeName>")
Argument Definition

cookieName

Optional. Name of the cookie for which settings are updated. If not specified, the global setting is updated.

cookieMaxAge

Maximum age of a cookie in minutes. A negative value sets a session cookie.

isSecureCookie

Boolean flag that specifies if cookie should be secure (sent over SSL channel).

cookieDomain

The domain of the cookie.

domainHome

Specifies the location for the WebLogic Server, or the Cell Path for WebSphere. This parameter is mandatory for WebSphere. When offline, a value is mandatory; when online, optional.

Example

The following example illustrates this command.

updateOSSOResponseCookieConfig(cookieName = "ORASSO_AUTH_HINT",
cookieMaxAge = "525600", isSecureCookie = "false",
cookieDomain=".example.com", domainHome = "<domain_home>")

2.1.43 deleteOSSOResponseCookieConfig

The deleteOSSOResponseCookieConfig command is an online and offline command that deletes the OSSO Proxy response cookie settings in the system configuration.

Description

Deletes the OSSO Proxy response cookie settings. The scope of this command is an instance only; the scope is not an argument.

Syntax

deleteOSSOResponseCookieConfig(cookieName="<cookieName>", 
domainHome="<domainHomeName>")
Argument Definition

cookieName

Mandatory. Name of the cookie for which settings are being deleted. The global cookie setting cannot be deleted.

domainHome

Specifies the location for the WebLogic Server, or the Cell Path for WebSphere. This parameter is mandatory for WebSphere. When offline, a value is mandatory; when online, optional.

Example

The following example illustrates this command.

deleteOSSOResponseCookieConfig(cookieName="ORASSO_AUTH_HINT",
domainHome = "<domain_home>")

2.1.44 configureAndCreateIdentityStore

The configureAndCreateIdentityStore command is an online command that configures the identity store and external user store.

Description

Configures the identity store and external user store using the values supplied.

Syntax

configureAndCreateIdentityStore(oimHost="<OIM host>", oimPort="<port>",
oimSecureProtocolEnabled="true | false", oimAccessGatePwd="<AccessGatePassword>",
oimCookieDomain="<OIMCookieDomain>", oimWgId="<OIMWebgateID>",
oimWgVersion="<OIMWebgateVersion>", nameOfIdStore="<nameOfIdStore>",
idStoreSecurityCredential="<idStoreSecurityCredential>",
userSearchBase="<userSearchBase>", ldapUrl="<ldapUrl>",
groupSearchBase="<groupSearchBase>", securityPrincipal="<securityPrincipal>",
idStoreType="<idStoreType>", ldapProvider="<ldapProvider>",
isPrimary="<isPrimary>", userIDProvider="<userIDProvider>",
userNameAttr="<userNameAttr>")
Argument Definition

oimHost

Name of the Oracle Identity Manager host. In the case of EDG, the front ending LBR hostname of the OIM Cluster.

oimPort

Port of the Oracle Identity Manager Managed Server. In the case of EDG, the front ending LBR port of the OIM Managed Server Cluster.

oimSecureProtocolEnabled

Takes a value of true or false depending on whether communication is through HTTP or HTTPS.

oimAccessGatePwd

If provided, the agent password for Open mode.

oimCookieDomain

Domain in which the cookie is to be set.

oimWgId

Agent registration name.

oimWgVersion

Possible values are 10g or 11g. If not provided, default is 10g.

nameOfIdStore

Mandatory. Specifies the name of the LDAP ID store to be created.

idStoreSecurityCredential

Mandatory. Specifies the password of the Principal for the LDAP identity store being created.

userSearchBase

Mandatory. Specifies the node under which user data is stored in the LDAP identity store being created.

ldapUrl

Mandatory. Specifies the URL for the LDAP host (including port number) of the LDAP identity store being created.

groupSearchBase

Mandatory. Specifies the node under which group data is stored in the LDAP identity store being created.

securityPrincipal

Mandatory. Specifies the Principal Administrator of the LDAP identity store being created.

idStoreType

Mandatory. Specifies the type of the LDAP identity store being created.

ldapProvider

Specifies the LDAP Provider type of the store being created.

isPrimary

Optional. Specifies whether the LDAP identity store being registered is the primary identity store. Takes true or false as a value.

userIDProvider

Specifies the user Identity Provider for the store being created.

userNameAttr

Mandatory. Specifies the user attributes for the store.

Example

The following example illustrates this command.

configureAndCreateIdentityStore(oimHost="oracle.com", oimPort="7777",
oimSecureProtocolEnabled="true",
oimAccessGatePwd = "welcome", oimCookieDomain = "domain1",
oimWgId="<OIM Webgate ID>", oimWgVersion="10g",
nameOfIdStore="nameOfIdStore",
idStoreSecurityCredential="idStoreSecurityCredential",
userSearchBase="userSearchBase", ldapUrl="ldapUrl",
groupSearchBase="groupSearchBase", securityPrincipal="securityPrincipal",
idStoreType="idStoreType", ldapProvider="ldapProvider", isPrimary="true",
userIDProvider="userIDProvider", userNameAttr="userNameAttr")

2.1.45 configAndCreateIdStoreUsingPropFile

The configAndCreateIdStoreUsingPropFile command is an online command that configures the identity store and external user store using the values supplied in a properties file.

Description

Configures the identity store and external user store using the values supplied in the specified properties file.

Syntax

configAndCreateIdStoreUsingPropFile(path="<path_of_property_file>")
Argument Definition

path

Path to the property file in which the values are defined.

Example

The following example illustrates this command.

configAndCreateIdStoreUsingPropFile(path="/prop_file_directory/values.properties")

2.1.46 manageAuditEvents

Use the manageAuditEvents command to disable the audit of events of a specific type.

Description

The manageAuditEvents command is an event type filter that allows you to disable the audit of events of a specific type. The command can be run in online mode (after domainRuntime() is run) or offline mode.

Syntax

manageAuditEvents(eventType="<event type>",auditEnabled="<true|false>",[eventStatus="<true|false>"],[presetFilter="<All|Medium|Low>"])
Argument Definition

eventType

Mandatory

Specifies the event type to be filtered. Its value is as defined in the audit.log file by the EventType field or in the IAU_BASE table by the iau_eventtype field. It is case sensitive.

auditEnabled

Mandatory

Set to false to disable the audit.

Setting it to true is equivalent to removing the filter.

eventStatus

Optional

Enables or Disables audit of events of specific event status.

Set to true (false) to disable only the audit of events whose status is true (false).

presetFilter

Optional

Activates the filter only for the specified preset filter.

Example 2-1 Examples

The following command disables the audit of all PluginInvocationStart events, in offline mode.

manageAuditEvents(eventType="PluginInvocationStart",auditEnabled="false",domainHome="/MW_HOME/user_projects/domains/oam_domain")

The following command disables the audit of successful Authorization events, in online mode.

manageAuditEvents(eventType="Authorization",auditEnabled="false",eventStatus="true")

The following command disables the audit of all the events of type Authorization, in online mode.

manageAuditEvents(eventType="Authorization",auditEnabled="false")
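Because these calls switch audit records off, WLST change scripts that contain them are worth reviewing before they run. The following is an added example, not part of the Oracle documentation: it scans a script for audit-disabling manageAuditEvents calls, for isSecureCookie="false", and for quoted values in the credential parameters documented earlier on this page. The names review_wlst_script and SAMPLE are constructed, and the check assumes the script parses as Python 3.

```python
import ast

# Parameters documented on this page whose values are secrets.
CREDENTIAL_PARAMS = {"accessClientPasswd", "oimAccessGatePwd",
                     "idStoreSecurityCredential"}


def _literal(node):
    """Return the value of a string-literal argument, or None if it is computed."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None


def review_wlst_script(source):
    """Return sorted (line, command, finding) tuples for a WLST script.

    Assumption: the script parses as Python 3 (plain calls, no Python 2
    print statements); WLST itself runs the script under Jython.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)):
            continue
        cmd = node.func.id
        literals = {kw.arg: _literal(kw.value) for kw in node.keywords if kw.arg}

        # A quoted password lives on in the script, its history and its backups.
        for name in sorted(CREDENTIAL_PARAMS & set(literals)):
            if literals[name] is not None:
                findings.append((node.lineno, cmd, "literal credential in " + name))

        # auditEnabled="false" switches auditing off for the event type.
        if cmd == "manageAuditEvents" and \
                (literals.get("auditEnabled") or "").lower() == "false":
            detail = "audit disabled for " + (literals.get("eventType") or "<computed>")
            if literals.get("eventStatus"):
                detail += " (only events with status %s)" % literals["eventStatus"]
            findings.append((node.lineno, cmd, detail))

        # isSecureCookie="false" lets the cookie travel over plain HTTP.
        if cmd == "updateOSSOResponseCookieConfig" and \
                (literals.get("isSecureCookie") or "").lower() == "false":
            findings.append((node.lineno, cmd, "response cookie not marked secure"))
    return sorted(findings)


# Constructed sample script; agent_pw stands for a value read at run time.
SAMPLE = '''\
domainRuntime()
editWebgate11gAgent(agentName="WebgateAgent1", accessClientPasswd="welcome1",
    state="Enabled")
editWebgate11gAgent(agentName="WebgateAgent2", accessClientPasswd=agent_pw)
manageAuditEvents(eventType="Authorization", auditEnabled="false", eventStatus="true")
updateOSSOResponseCookieConfig(cookieName="ORASSO_AUTH_HINT", isSecureCookie="false")
manageAuditEvents(eventType="PluginInvocationStart", auditEnabled="true")
'''

if __name__ == "__main__":
    for line, command, finding in review_wlst_script(SAMPLE):
        print("line %d: %s: %s" % (line, command, finding))
```
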

2.1.47 migrateArtifacts (deprecated)

DEPRECATED - Migrates artifacts.

Description

Migrates artifacts based on the values defined in the input artifact file.

Syntax

migrateArtifacts(path="<path_to_artifacts_file>", password="<password>", 
type="OutOfPlace|InPlace", isIncremental="true|false")
Argument Definition
path

Location of the artifacts file

password 

Password used while generating original artifacts.

type 

Boolean that defines the type of migration and takes as a value InPlace or OutOfPlace

isIncremental

Boolean that takes a value of true or false. If true, an incremental upgrade is done.

Example

The following example illustrates this command.

migrateArtifacts(path="/exampleroot/parent/t", password="welcome", 
type="InPlace", isIncremental="false")

2.1.48 displaySimpleModeGlobalPassphrase

The displaySimpleModeGlobalPassphrase command is an online command that displays the simple mode global passphrase defined in the system configuration in plain text.

Description

Online only command that displays the simple mode global passphrase in plain text. There are no arguments for this command.

Syntax

displaySimpleModeGlobalPassphrase()

Example

The following example illustrates this command.

displaySimpleModeGlobalPassphrase()

2.1.49 exportSelectedPartners

The exportSelectedPartners command is an online command that exports selected Access Manager Partners to the specified Access Manager file.

Description

Exports selected Access Manager Partners to the specified Access Manager file.

Syntax

exportSelectedPartners(pathTempOAMPartnerFile="<absoluteFilePath>", 
partnersNameList="<comma_separated_partner_names>")
Argument Definition

pathTempOAMPartnerFile

Mandatory. The location of the file to which the information will be exported.

partnersNameList

Mandatory. Specifies a comma separated list of partner ids being exported.

Example

The following example illustrates this command.

exportSelectedPartners(pathTempOAMPartnerFile="/exampleroot/parent/tempfile.extn",
partnersNameList="partner1,partner2")

2.1.50 oamMigrate

The oamMigrate command is an online command that migrates policies, authentication stores, and user stores from OSSO, OAM10g, OpenSSO, or AM 7.1 to OAM11g.

Description

Invokes the beginMigrate operation of the migration framework mbean.

Syntax

oamMigrate(oamMigrateType="<migrationType>",
pathMigrationPropertiesFile="<absoluteFilePath>")
Argument Definition

oamMigrateType

Mandatory. Specifies the type of migration being done. Takes one of the following as a value: OSSO | OpenSSO | OAM10g

NOTE: OpenSSO applies to both SAML 7.1 and OpenSSO.

pathMigrationPropertiesFile

Mandatory. Specifies the path to the file from which the necessary artifacts for migration are read.

Example

The following example illustrates this command.

oamMigrate(oamMigrateType="OSSO",
pathMigrationPropertiesFile="/middlewarehome/oam-migrate.properties")

2.1.51 preSchemeUpgrade

The preSchemeUpgrade command is an online command that invokes the preSchemeUpgrade operation.

Description

Invokes the preSchemeUpgrade operation.

Syntax

preSchemeUpgrade(pathUpgradePropertiesFile="/middlewarehome/oam-upgrade.properties")
Argument Definition

pathUpgradePropertiesFile

Mandatory. Specifies the path to the file from which the necessary system properties for upgrade are read.

Example

The following example illustrates this command.

preSchemeUpgrade(pathUpgradePropertiesFile="/exampleroot/parent/tempfile.extn")

2.1.52 postSchemeUpgrade

The postSchemeUpgrade command is an online command that invokes the postSchemeUpgrade operation.

Description

Invokes the postSchemeUpgrade operation.

Syntax

postSchemeUpgrade(pathUpgradePropertiesFile="/middlewarehome/oam-upgrade.properties")
Argument Definition

pathUpgradePropertiesFile

Mandatory. Specifies the path to the file from which the necessary system properties for upgrade are read.

Example

The following example illustrates this command.

postSchemeUpgrade(pathUpgradePropertiesFile="/exampleroot/parent/tempfile.extn")

2.1.53 oamSetWhiteListMode

The oamSetWhiteListMode command is an online command that sets the oamSetWhiteListMode to true or false.

Description

Sets the oamSetWhiteListMode to true or false. If true, Access Manager redirects to the last URL requested by the consuming application only if it is configured as a white-list URL.

Syntax

oamSetWhiteListMode(oamWhiteListMode="true|false")
Argument Definition

oamWhiteListMode

Mandatory. Enables the Access Manager white list mode.

Example

The following example illustrates this command.

oamSetWhiteListMode(oamWhiteListMode="true")

2.1.54 oamWhiteListURLConfig

The oamWhiteListURLConfig command is an online command that performs actions on whitelist URL entries from the specified file based on the add, update, or remove operations.

Description

Add, update or remove whitelist URL entries from the specified file.

This command allows you to enter whitelist URL values that use a wildcard for the host or port into the WhiteList config map.

If the host or port in the Value field is specified with the wildcard character (*), all hosts or ports that fit that pattern are allowed.

When the * symbol is present, the whitelist URL is matched using a wildcard comparison.

Syntax

oamWhiteListURLConfig(Name="xyz", Value="http://xyz.com:1234", 
Operation="Remove|Update")
Argument Definition

Name

Mandatory. A valid string representing the name (key) for this entry.

Value

Mandatory. A valid URL in the <protocol>://<host>:<port> format. If the port is not specified, default HTTP/HTTPS ports are assigned accordingly.

Operation

Mandatory. Takes as a value Update or Remove. Not case sensitive.

Example

The following example illustrates this command:

oamWhiteListURLConfig(Name="xyz", Value="http://xyz.com:1234", Operation="Update")

The following example illustrates this command using wildcards for Whitelist ports:

oamWhiteListURLConfig(Name="xyz", Value="http://xyz.com:*", Operation="Update")
oamWhiteListURLConfig(Name="xyz", Value="http://xyz.com:*", Operation="Remove")

The following examples illustrate this command when the host or port is specified using wildcard characters in the Value field:

oamWhiteListURLConfig(Name="xyz", Value="http://*.com:7777", Operation="Update")

The above command will allow URLs such as http://xyz.com:7777, http://abc.com:7777 and so on for redirection.

oamWhiteListURLConfig(Name="xyz", Value="http://xyz.com:*", Operation="Update")

The above command will allow URLs such as http://xyz.com:8000, http://abc.com:4040 and so on for redirection.
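The wildcard comparison described in this section can be modeled to see which redirect URLs a set of entries admits and which entries are broad. This is an added example, not Oracle code: the function names and the ENTRIES sample are constructed, and it assumes that * matches any run of characters (dots included) and that the protocol must match exactly, which the actual Access Manager matcher may not do.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": "80", "https": "443"}
# <protocol>://<host>:<port>, where the port may be digits, "*", or absent.
ENTRY_RE = re.compile(r"^(https?)://([^/:]+)(?::(\d+|\*))?$", re.IGNORECASE)


def parse_entry(value):
    """Split a whitelist Value into (protocol, host pattern, port pattern)."""
    m = ENTRY_RE.match(value.strip())
    if not m:
        raise ValueError("not in <protocol>://<host>:<port> form: %r" % value)
    scheme = m.group(1).lower()
    # No port given: the default HTTP/HTTPS port is assigned.
    return scheme, m.group(2).lower(), m.group(3) or DEFAULT_PORTS[scheme]


def _host_matches(pattern, host):
    # Only "*" is special; every other character must match literally.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, host) is not None


def is_allowed(redirect_url, entries):
    """True if redirect_url is admitted by at least one whitelist entry."""
    try:
        parts = urlsplit(redirect_url)
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS or not parts.hostname:
            return False
        port = str(parts.port) if parts.port is not None else DEFAULT_PORTS[scheme]
    except ValueError:          # malformed URL or non-numeric port
        return False
    for value in entries.values():
        e_scheme, e_host, e_port = parse_entry(value)
        if (e_scheme == scheme and _host_matches(e_host, parts.hostname)
                and e_port in ("*", port)):
            return True
    return False


def broad_entries(entries):
    """Map entry name -> reasons the entry admits more than one fixed origin."""
    flagged = {}
    for name, value in entries.items():
        _, host, port = parse_entry(value)
        reasons = []
        # Heuristic: a "*" in the last two labels is not confined to one
        # domain (it does not know multi-label suffixes such as co.uk).
        if "*" in ".".join(host.split(".")[-2:]):
            reasons.append("wildcard in registrable part of host")
        if port == "*":
            reasons.append("any port")
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample: the first three values appear on this page, the
# entry names and the last value are made up for the example.
ENTRIES = {
    "exact": "http://xyz.com:1234",
    "anyport": "http://xyz.com:*",
    "anyhost": "http://*.com:7777",
    "sub": "https://*.example.com",
}

if __name__ == "__main__":
    for url in ("http://abc.com:7777/", "https://login.example.com:8443/cb"):
        print(url, is_allowed(url, ENTRIES))
    print(broad_entries(ENTRIES))
```
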

2.1.55 enableMultiDataCentreMode

The enableMultiDataCentreMode command is an online command that enables Multi Data Center Mode.

Description

Enables Multi Data Center Mode.

Syntax

enableMultiDataCentreMode(propfile="<absoluteFilePath>")
Argument Definition

propFile

Mandatory. Specifies the absolute path to a file from which the properties to enable the Multi Data Center are read.

Example

The following example illustrates this command.

enableMultiDataCentreMode(propfile="/middlewarehome/oamMDCProperty.properties")

2.1.56 disableMultiDataCentreMode

The disableMultiDataCentreMode command is an online command that disables Multi Data Center Mode.

Description

Disables Multi Data Center Mode. This command has no arguments.

Syntax

disableMultiDataCentreMode()

Example

The following example illustrates this command.

disableMultiDataCentreMode()

2.1.57 setMultiDataCentreClusterName

The setMultiDataCentreClusterName command is an online command that sets the Multi Data Center cluster name.

Description

Sets the Multi Data Center cluster name.

Syntax

setMultiDataCentreClusterName(clusterName="MyCluster")
Argument Definition

clusterName

Mandatory. Specifies the name of the cluster.

Example

The following example illustrates this command.

setMultiDataCentreClusterName(clusterName="MyCluster")

2.1.58 setMultiDataCentreLogoutURLs

The setMultiDataCentreLogoutURLs command is an online command that sets the Multi Data Center Partner logout URLs.

Description

Sets the Multi Data Center Partner logout URLs.

Syntax

setMultiDataCentreLogoutURLs(logoutURLs="http://<host>:<port>/logout.jsp,http://<host>:<port>/logout.jsp")
Argument Definition

logoutURLs

Mandatory. Specify a comma separated list of Multi Data Center Partner logout URLs.

Example

The following example illustrates this command.

setMultiDataCentreLogoutURLs(logoutURLs="http://localhost:6666/logout.jsp,http://localhost:8888/logout.jsp")

2.1.59 updateMultiDataCentreLogoutURLs

The updateMultiDataCentreLogoutURLs command updates the Multi Data Center Partner logout URLs.

Description

Updates the Multi Data Center Partner logout URLs.

Syntax

updateMultiDataCentreLogoutURLs(logoutURLs="http://<host>:<port>/logout.jsp,http://<host>:<port>/logout.jsp")
Argument Definition

logoutURLs

Mandatory. Specify a comma separated list of Multi Data Center Partner logout URLs.

Example

The following example illustrates this command.

updateMultiDataCentreLogoutURLs(logoutURLs="http://localhost:7777/logout.jsp,http://localhost:9999/logout.jsp")

2.1.60 addPartnerForMultiDataCentre

The addPartnerForMultiDataCentre command is an online command that adds a partner to a Multi Data Center.

Description

Adds a partner to a Multi Data Center. This command is supported only in online mode and adds one partner at a time.

Syntax

addPartnerForMultiDataCentre(propfile="<absoluteFilePath>")
Argument Definition

propFile

Mandatory. Specifies the absolute path to a file that contains the agent information.

Example

The following example illustrates this command.

addPartnerForMultiDataCentre(propfile="/middlewarehome/partnerInfo.properties")

2.1.61 removePartnerForMultiDataCentre

The removePartnerForMultiDataCentre command is an online command that removes a partner from Multi Data Center.

Description

Removes a partner from Multi Data Center. This command is supported only in online mode and removes one partner at a time.

Syntax

removePartnerForMultiDataCentre(webgateid="<webgateId>")
Argument Definition

webgateid

Mandatory. Specifies the ID of the partner to be deleted.

Example

The following example illustrates this command.

removePartnerForMultiDataCentre(webgateid="IAMSuite")

2.1.62 addOAMSSOProvider

The addOAMSSOProvider command is an online command that adds an Access Manager SSO provider with the given login URI, logout URI, and auto-login URI.

Description

This command modifies the domain jps-config.xml by adding an Access Manager SSO service instance with the required properties. In the event of an error, the command returns a WLSTException.

Syntax

addOAMSSOProvider(loginuri, logouturi, autologinuri)
Argument Definition

loginuri

Specifies the URI of the login page. Required.

logouturi

Specifies the URI of the logout page. Optional. If unspecified, defaults to logouturi=NONE.

Set to "" to ensure that ADF security calls the OPSS logout service, which uses the implementation of the class OAMSSOServiceImpl to clear the cookie ObSSOCookie. An ADF-secured web application that would like to clear cookies without logging out the user should use this setting.

autologinuri

Specifies the URI of the autologin page. Optional. If unspecified, it defaults to autologin=NONE.

Example

The following example illustrates this command.

addOAMSSOProvider(loginuri="/${app.context}/adfAuthentication", 
 logouturi="/oamsso/logout.html", autologinuri="/example.cgi")

2.1.63 setDiscoveryProvider

Description

This command sets the fully qualified classname for the given discovery provider.

Syntax

setDiscoveryProvider(name="<Discovery Provider Name>",value="<class name>")
Argument Definition

name

Name of the discovery provider

value

Fully qualified class name value.

Examples

The following examples illustrate this command.

setDiscoveryProvider('blobdiscovery','oracle.security.fed.jvt.discovery.model.profilestate.RDBMSBlobDiscoveryProvider')
setDiscoveryProvider(name='blobdiscovery',value='oracle.security.fed.jvt.discovery.model.profilestate.RDBMSBlobDiscoveryProvider')

2.1.64 displayDiscoveryProvider

Description

This command displays the fully qualified classname configured for the discovery provider.

Syntax

displayDiscoveryProvider(name="<Discovery Provider Name>")
Argument Definition

name

Name of the discovery provider

Examples

The following examples illustrate this command.

displayDiscoveryProvider('blobdiscovery')
displayDiscoveryProvider(name='blobdiscovery')

2.1.65 configurePluginMetadata

Description

This command adds the plugin and plugin-metadata as specified in the propFile in the oam-config.xml file.

Note:

This command cannot be used to update an existing plugin.

Syntax

configurePluginMetadata(name="<Plugin Name>",propFile="<path to the properties file>")
Argument Definition

name

Name of the Plugin to be added

propFile

Path to the properties file with plugin metadata

Examples

The following examples illustrate this command.

configurePluginMetadata('OAuthUserSelfRegistrationPlugin','/scratch/data.xml')

configurePluginMetadata(name='OAuthUserSelfRegistrationPlugin',propFile='/scratch/data.xml')