PingAM 7.5.1

ssoadm

Configure OpenAM core services.

ssoadm [ subcommand ] [ options ]

Description

The ssoadm command provides a rich command-line interface for configuring OpenAM core services.

Also see Set up administration tools for instructions on setting up the ssoadm command.

Global options

The following global options are supported.

--debug, -d

Run in debug mode. Results sent to the debug file.

--help, -?

Print usage.

This command can also be used with subcommands as in ssoadm subcommand --help.

--information, -O

Print basic information about the tool.

--locale, -l

Name of the locale to display the results.

--verbose, -v

Run in verbose mode. Results sent to standard output.

--version, -V

Print the version of this tool.

JVM Properties for ssoadm

You can specifically set the authentication module or chain for administrator logins using two JVM settings. These settings provide more control to select the exact authentication mechanisms to be used when ssoadm authenticates administrators in the top-level realm.

To set these properties, manually edit the following two JVM settings in the ssoadm or ssoadm.bat script.

org.forgerock.openam.ssoadm.auth.indexType

Specifies the module or chain-based authentication in the top level realm. If the property is set, OpenAM uses only that authentication mechanism.

org.forgerock.openam.ssoadm.auth.indexName

Specifies the actual name of the authentication module/chain as controlled by the indexType setting. For example, if the indexType is set to module_instance and indexName is set to LDAP, then ssoadm authenticates using only the LDAP authentication module.

Subcommands by category

This section lists subcommands by category. The subsequent section lists subcommands in alphabetical order with a short description.

See ssoadm subcommand --help for detailed options.

Subcommands: Alphabetical Order

The following subcommands are supported.

See also ssoadm subcommand --help.

ssoadm add-agent-to-grp

Add agents to a agent group.

Usage: ssoadm add-agent-to-grp --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--agentgroupname, -b

Name of agent group.

--agentnames, -s

Names of agents.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm add-amsdk-idrepo-plugin

Create AMSDK IdRepo Plug-in

Usage: ssoadm add-amsdk-idrepo-plugin --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--basedn, -b

Directory Server base distinguished name.

--bind-password-file, -m

File that contains password of bind password.

--binddn, -e

Directory Server bind distinguished name.

--directory-servers, -s

directory servers <protocol>://<hostname>:<port>. Can have multiple entries.

--dsame-password-file, -x

File that contains password of the dsameuser

--password-file, -f

File name that contains password of administrator.

--puser-password-file, -p

File that contains password of the puser

[--org, -o]

Organization objects naming attribute (defaults to 'o')

[--user, -a]

User objects naming attribute (defaults to 'uid')

ssoadm add-app-priv

Add a policy set privilege to delegate resources of a given policy set. Note that policy sets are cached for 30 minutes. Restart OpenAM to apply changes immediately.

Usage: ssoadm add-app-priv --options [--global-options]

Options
--actions, -a

Possible values are READ, MODIFY, DELEGATE, ALL

--adminid, -u

Administrator ID of running the command.

--application, -t

Policy set name

--name, -m

Name for the this delegation

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

--subjects, -s

Subject name

--subjecttype, -b

Possible values are User or Group

[--description, -p]

Description for the this delegation.

[--resources, -r]

Resources to delegate, All resources in the policy set will be delegated if this option is absent.

ssoadm add-attr-defs

Add default attribute values in schema.

Usage: ssoadm add-attr-defs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

[--attributevalues, -a]

Attribute values e.g. homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values data.

[--subschemaname, -c]

Name of sub schema.

ssoadm add-attrs

Add attribute schema to an existing service.

Usage: ssoadm add-attrs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributeschemafile, -F

XML file containing attribute schema definition.

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Schema Type.

--servicename, -s

Service Name.

[--subschemaname, -c]

Name of sub schema.

ssoadm add-auth-cfg-entr

Add authentication configuration entry

Usage: ssoadm add-auth-cfg-entr --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--criteria, -c

Criteria for this entry. Possible values are REQUIRED, OPTIONAL, SUFFICIENT, REQUISITE

--modulename, -o

Module Name.

--name, -m

Name of authentication configuration.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--options, -t]

Options for this entry.

[--position, -p]

Position where the new entry is to be added. This is option is not set, entry shall be added to the end of the list. If value of this option is 0, it will be inserted to the front of the list. If value is greater of the length of the list, entry shall be added to the end of the list.

ssoadm add-cot-member

Add a member to a circle of trust.

Usage: ssoadm add-cot-member --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--cot, -t

Circle of Trust

--entityid, -y

Entity ID

--password-file, -f

File name that contains password of administrator.

[--realm, -e]

Realm where circle of trust resides

[--spec, -c]

Specify metadata specification, either wsfed, idff or saml2, defaults to saml2

ssoadm add-member

Add an identity as member of another identity

Usage: ssoadm add-member --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity

--memberidname, -m

Name of identity that is member.

--memberidtype, -y

Type of Identity of member such as User, Role and Group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm add-plugin-interface

Add Plug-in interface to service.

Usage: ssoadm add-plugin-interface --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--i18nkey, -k

Plug-in I18n Key.

--interfacename, -i

Name of interface.

--password-file, -f

File name that contains password of administrator.

--pluginname, -g

Name of Plug-in.

--servicename, -s

Name of service.

ssoadm add-plugin-schema

Add Plug-in schema to service.

Usage: ssoadm add-plugin-schema --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--classname, -c

Name of the Plugin Schema class implementation

--i18nkey, -k

Plug-in I18n Key.

--i18nname, -n

Plug-in I18n Name.

--interfacename, -i

Name of interface.

--password-file, -f

File name that contains password of administrator.

--pluginname, -g

Name of Plug-in.

--servicename, -s

Name of service.

ssoadm add-privileges

Add privileges to an identity. To add a privilege to all authenticated users, use the "All Authenticated Users" idname with "role" idtype.

Usage: ssoadm add-privileges --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity such as Role and Group.

--password-file, -f

File name that contains password of administrator.

--privileges, -g

Name of privileges to be added. Privilege names are AgentAdmin, ApplicationModifyAccess, ApplicationReadAccess, ApplicationTypesReadAccess, ConditionTypesReadAccess, DecisionCombinersReadAccess, EntitlementRestAccess, FederationAdmin, LogAdmin, LogRead, LogWrite, PolicyAdmin, PrivilegeRestAccess, PrivilegeRestReadAccess, RealmAdmin, RealmReadAccess, ResourceTypeModifyAccess, ResourceTypeReadAccess, SubjectAttributesReadAccess, and SubjectTypesReadAccess.

--realm, -e

Name of realm.

ssoadm add-res-bundle

Add resource bundle to data store.

Usage: ssoadm add-res-bundle --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--bundlefilename, -B

Resource bundle physical file name.

--bundlename, -b

Resource Bundle Name.

--password-file, -f

File name that contains password of administrator.

[--bundlelocale, -o]

Locale of the resource bundle.

ssoadm add-site-members

Add members to a site.

Usage: ssoadm add-site-members --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servernames, -e

Server names, such as http://www.example.com:8080/fam

--sitename, -s

Site name, e.g. mysite

ssoadm add-site-sec-urls

Add Site Secondary URLs.

Usage: ssoadm add-site-sec-urls --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--secondaryurls, -a

Secondary URLs

--sitename, -s

Site name, e.g. mysite

ssoadm add-sub-schema

Add sub schema.

Usage: ssoadm add-sub-schema --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--filename, -F

Name of file that contains the schema

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

ssoadm add-svc-attrs

Add service attribute values in a realm. Long content for an attribute can be supplied in a file by appending '-file' to the attribute name, and giving the filename as the value.

Usage: ssoadm add-svc-attrs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

--servicename, -s

Name of service.

[--attributevalues, -a]

Attribute values to be added e.g. homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values to be added.

ssoadm add-svc-identity

Add Service to an identity

Usage: ssoadm add-svc-identity --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity such as User, Role and Group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

--servicename, -s

Name of service.

[--attributevalues, -a]

Attribute values e.g. homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values data.

ssoadm add-svc-realm

Add service to a realm. Long content for an attribute can be supplied in a file by appending '-file' to the attribute name, and giving the filename as the value.

Usage: ssoadm add-svc-realm --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

--servicename, -s

Service Name.

[--attributevalues, -a]

Attribute values e.g. homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values data.

ssoadm agent-remove-props

Remove agent’s properties.

Usage: ssoadm agent-remove-props --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--agentname, -b

Name of agent.

--attributenames, -a

properties name(s).

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm clone-server

Clone a server instance.

Usage: ssoadm clone-server --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--cloneservername, -o

Clone server name

--password-file, -f

File name that contains password of administrator.

--servername, -s

Server name

ssoadm create-agent

Create a new agent configuration.

Usage: ssoadm create-agent --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--agentname, -b

Name of agent.

--agenttype, -t

Type of agent. Possible values: J2EEAgent, WebAgent, 2.2_Agent, SharedAgent, OAuth2Client

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--agenturl, -g]

Agent URL. such as http://www.agent.example:8080/agent\. WebAgent does not take URL with path, such as http://www.agent.example:8080. This option is valid only for J2EEAgent and WebAgent agent types, and is required when the agent type is J2EEAgent or WebAgent.

[--attributevalues, -a]

Properties, such as sunIdentityServerDeviceKeyValue=https://agent.example.com:443/

[--datafile, -D]

Name of file that contains properties.

[--serverurl, -s]

Server URL. such as http://www.example.com:58080/openam. This option is valid only for J2EEAgent and WebAgent agent types, and is required when the agent type is J2EEAgent or WebAgent.

ssoadm create-agent-grp

Create a new agent group.

Usage: ssoadm create-agent-grp --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--agentgroupname, -b

Name of agent group.

--agenttype, -t

Type of agent group. e.g. J2EEAgent, WebAgent

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--attributevalues, -a]

Properties e.g. homeaddress=here.

[--datafile, -D]

Name of file that contains properties.

[--serverurl, -s]

Server URL. such as http://www.example.com:58080/openam. This option is valid for J2EEAgent and WebAgent.

ssoadm create-appl

Create policy set.

Usage: ssoadm create-appl --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--applicationtype, -t

Application type name

--name, -m

Policy set name

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

[--attributevalues, -a]

Attribute values e.g. applicationType=iPlanetAMWebAgentService.

[--datafile, -D]

Name of file that contains attribute values data. Mandatory attributes are resources, subjects, conditions and entitlementCombiner. Optional ones are actions, searchIndexImpl, saveIndexImpl, resourceComparator, subjectAttributeNames.

ssoadm create-appl-type

Create application type.

Usage: ssoadm create-appl-type --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Application Type name

--password-file, -f

File name that contains password of administrator.

[--attributevalues, -a]

Application Type attribute values e.g. actions=enabled=true.

[--datafile, -D]

Name of file that contains attribute type values data. Mandatory attributes are actions, searchIndexImpl and saveIndexImpl. Optional are resourceComparator.

ssoadm create-auth-cfg

Create authentication configuration

Usage: ssoadm create-auth-cfg --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Name of authentication configuration.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm create-auth-instance

Create authentication module instance

Usage: ssoadm create-auth-instance --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--authtype, -t

Type of authentication module instance. Possible values include AD, Adaptive, Anonymous, Cert, DataStore, DeviceIdMatch, DeviceIdSave, Federation, HOTP, HTTPBasic, JDBC, LDAP, Membership, MSISDN, OATH, OAuth, OpenIdConnect, PersistentCookie, RADIUS, SAE, Scripted, WindowsDesktopSSO, NT, and WSSAuthModule.

--name, -m

Name of authentication module instance.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm create-cot

Create circle of trust.

Usage: ssoadm create-cot --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--cot, -t

Circle of Trust

--password-file, -f

File name that contains password of administrator.

[--prefix, -p]

Prefix URL for idp discovery reader and writer URL.

[--realm, -e]

Realm where circle of trust resides

[--trustedproviders, -k]

Trusted Providers

ssoadm create-datastore

Create data store under a realm

Usage: ssoadm create-datastore --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--datatype, -t

Type of datastore. Use the list-datastore-types subcommand to get a list of supported datastore types.

--name, -m

Name of datastore.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--attributevalues, -a]

Attribute values e.g. sunIdRepoClass=com.sun.identity.idm.plugins.files.FilesRepo.

[--datafile, -D]

Name of file that contains attribute values data.

ssoadm create-identity

Create identity in a realm

Usage: ssoadm create-identity --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity such as User, Role and Group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--attributevalues, -a]

Attribute values e.g. sunIdentityServerDeviceStatus=Active.

[--datafile, -D]

Name of file that contains attribute values data.

ssoadm create-metadata-templ

Create new metadata template.

Usage: ssoadm create-metadata-templ --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--entityid, -y

Entity ID

--password-file, -f

File name that contains password of administrator.

[--affiecertalias, -K]

Affiliation encryption certificate alias

[--affiliation, -F]

Specify metaAlias for hosted affiliation. to be created. The format must be <realm name>/<identifier>.

[--affimembers, -M]

Affiliation members

[--affiownerid, -N]

Affiliation Owner ID

[--affiscertalias, -J]

Affiliation signing certificate alias

[--attraecertalias, -G]

Attribute authority encryption certificate alias.

[--attrascertalias, -B]

Attribute authority signing certificate alias

[--attrauthority, -I]

Specify metaAlias for hosted attribute authority to be created. The format must be <realm name>/<identifier>.

[--attrqecertalias, -R]

Attribute query provider encryption certificate alias

[--attrqscertalias, -A]

Attribute query provider signing certificate alias

[--attrqueryprovider, -S]

Specify metaAlias for hosted attribute query provider to be created. The format must be <realm name>/<identifier>.

[--authnaecertalias, -E]

Authentication authority encryption certificate alias.

[--authnascertalias, -D]

Authentication authority signing certificate alias

[--authnauthority, -C]

Specify metaAlias for hosted authentication authority to be created. The format must be <realm name>/<identifier>.

[--extended-data-file, -x]

Specify file name for the extended metadata to be created. XML will be displayed on terminal if this file name is not provided.

[--identityprovider, -i]

Specify metaAlias for hosted identity provider to be created. The format must be <realm name>/<identifier>.

[--idpecertalias, -g]

Identity provider encryption certificate alias.

[--idpscertalias, -b]

Identity provider signing certificate alias

[--meta-data-file, -m]

Specify file name for the standard metadata to be created. XML will be displayed on terminal if this file name is not provided.

[--serviceprovider, -s]

Specify metaAlias for hosted service provider to be created. The format must be <realm name>/<identifier>.

[--specertalias, -r]

Service provider encryption certificate alias

[--spec, -c]

Specify metadata specification, either wsfed, idff or saml2, defaults to saml2

[--spscertalias, -a]

Service provider signing certificate alias

[--xacmlpdpecertalias, -j]

Policy decision point encryption certificate alias

[--xacmlpdpscertalias, -t]

Policy decision point signing certificate alias

[--xacmlpdp, -p]

Specify metaAlias for policy decision point to be created. The format must be <realm name>/<identifier>.

[--xacmlpepecertalias, -z]

Policy enforcement point encryption certificate alias

[--xacmlpepscertalias, -k]

Policy enforcement point signing certificate alias

[--xacmlpep, -e]

Specify metaAlias for policy enforcement point to be created. The format must be <realm name>/<identifier>.

ssoadm create-realm

Create realm.

Usage: ssoadm create-realm --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm to be created.

ssoadm create-server

Create a server instance.

Usage: ssoadm create-server --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--serverconfigxml, -X

Server Configuration XML file name.

--servername, -s

Server name, such as http://www.example.com:8080/fam

[--attributevalues, -a]

Attribute values e.g. homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values data.

ssoadm create-site

Create a site.

Usage: ssoadm create-site --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--sitename, -s

Site name, e.g. mysite

--siteurl, -i

Site’s primary URL, such as http://www.example.com:8080

[--secondaryurls, -a]

Secondary URLs

ssoadm create-sub-cfg

Create a new sub configuration. Long content for an attribute can be supplied in a file by appending '-file' to the attribute name, and giving the filename as the value.

Usage: ssoadm create-sub-cfg --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servicename, -s

Name of service.

--subconfigname, -g

Sub-schema name of (or path to) the type of sub-configuration being added.

[--attributevalues, -a]

Attribute values e.g. homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values data.

[--priority, -p]

Priority of the sub configuration.

[--realm, -e]

Name of realm (Sub Configuration shall be added to global configuration if this option is not provided).

[--subconfigid, -b]

User-specfieid ID of (or path to) the sub-configuration.

ssoadm create-svc

Create a new service in server.

Usage: ssoadm create-svc --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--xmlfile, -X

XML file(s) that contains schema.

[--continue, -c]

Continue adding service if one or more previous service cannot be added.

ssoadm create-svrcfg-xml

Create serverconfig.xml file. No options are required for flat file configuration data store.

Usage: ssoadm create-svrcfg-xml --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

[--basedn, -b]

Directory Server base distinguished name.

[--dsadmin, -a]

Directory Server administrator distinguished name

[--dshost, -t]

Directory Server host name

[--dspassword-file, -x]

File that contains Directory Server administrator password

[--dsport, -p]

Directory Server port number

[--outfile, -o]

File name where serverconfig XML is written.

ssoadm create-xacml

Create policies in a realm with XACML input.

Usage: ssoadm create-xacml --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

--xmlfile, -X

File that contains the policy XACML definition. In the console, paste the XML into the text field instead.

[--dryrun, -n]

Provide a summary of the policies which would be updated, and those which would be added, as a result of the create-xacml command without the 'dryrun' option specified. Nothing will be updated or added when using this option.

[--outfile, -o]

Filename where the output of a 'dryrun' command will be sent to. If no 'dryrun' command is specified, the outfile will not be used for anything.

ssoadm delete-agent-grps

Delete agent groups.

Usage: ssoadm delete-agent-grps --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--agentgroupnames, -s]

Separate multiple agent group names with spaces.

[--file, -D]

File containing agent group names, with multiple group names separated by spaces.

ssoadm delete-agents

Delete agent configurations.

Usage: ssoadm delete-agents --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--agentnames, -s]

Separate multiple agent names with spaces.

[--file, -D]

File containing agent names, with multiple agent names separated by spaces.

ssoadm delete-appl-types

Delete application types.

Usage: ssoadm delete-appl-types --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--names, -m

Application Type names

--password-file, -f

File name that contains password of administrator.

ssoadm delete-appls

Delete policy sets. Note that policy sets are cached for 30 minutes. Restart OpenAM to apply changes immediately.

Usage: ssoadm delete-appls --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--names, -m

Policy set names

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

ssoadm delete-attr

Delete attribute schemas from a service

Usage: ssoadm delete-attr --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributeschema, -a

Name of attribute schema to be removed.

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

[--subschemaname, -c]

Name of sub schema.

ssoadm delete-attr-def-values

Delete attribute schema default values.

Usage: ssoadm delete-attr-def-values --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributeschema, -a

Name of attribute schema

--defaultvalues, -e

Default value(s) to be deleted

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

[--subschemaname, -c]

Name of sub schema.

ssoadm delete-auth-cfgs

Delete authentication configurations

Usage: ssoadm delete-auth-cfgs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--names, -m

Name of authentication configurations.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm delete-auth-instances

Delete authentication instances

Usage: ssoadm delete-auth-instances --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--names, -m

Name of authentication instances.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm delete-cot

Delete circle of trust.

Usage: ssoadm delete-cot --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--cot, -t

Circle of Trust

--password-file, -f

File name that contains password of administrator.

[--realm, -e]

Realm where circle of trust resides

ssoadm delete-datastores

Delete data stores under a realm

Usage: ssoadm delete-datastores --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--names, -m

Names of datastore.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm delete-entity

Delete entity.

Usage: ssoadm delete-entity --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--entityid, -y

Entity ID

--password-file, -f

File name that contains password of administrator.

[--extendedonly, -x]

Set to flag to delete only extended data.

[--realm, -e]

Realm where data resides

[--spec, -c]

Specify metadata specification, either wsfed, idff or saml2, defaults to saml2

ssoadm delete-identities

Delete identities in a realm

Usage: ssoadm delete-identities --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idtype, -t

Type of Identity such as User, Role and Group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--file, -D]

Name of file that contains the identity names to be deleted.

[--idnames, -i]

Names of identites.

ssoadm delete-realm

Delete realm.

Usage: ssoadm delete-realm --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm to be deleted.

[--recursive, -r]

Delete descendent realms recursively.

ssoadm delete-realm-attr

Delete attribute from a realm.

Usage: ssoadm delete-realm-attr --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributename, -a

Name of attribute to be removed.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

--servicename, -s

Name of service.

ssoadm delete-server

Delete a server instance.

Usage: ssoadm delete-server --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servername, -s

Server name, such as http://www.example.com:8080/fam

ssoadm delete-site

Delete a site.

Usage: ssoadm delete-site --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--sitename, -s

Site name, e.g. mysite

ssoadm delete-sub-cfg

Remove Sub Configuration.

Usage: ssoadm delete-sub-cfg --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servicename, -s

Name of service.

--subconfigname, -g

Name of sub configuration.

[--realm, -e]

Name of realm (Sub Configuration shall be deleted from the global configuration if this option is not provided).

ssoadm delete-svc

Delete service from the server.

Usage: ssoadm delete-svc --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servicename, -s

Service Name(s).

[--continue, -c]

Continue deleting service if one or more previous services cannot be deleted.

[--deletepolicyrule, -r]

Delete policy rule.

ssoadm delete-xacml

Delete XACML policies from a realm.

Usage: ssoadm delete-xacml --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--file, -D]

Name of file that contains the policy names to be deleted.

[--policynames, -p]

Names of policy to be deleted.

ssoadm do-batch

Do multiple requests in one command.

Usage: ssoadm do-batch --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--batchfile, -Z

Name of file that contains commands and options.

--password-file, -f

File name that contains password of administrator.

[--batchstatus, -b]

Name of status file.

[--continue, -c]

Continue processing the rest of the request when preceeding request was erroneous.

ssoadm do-bulk-federation

Perform bulk federation.

Usage: ssoadm do-bulk-federation --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--metaalias, -m

Specify metaAlias for local provider.

--nameidmapping, -e

Name of file that will be created by this sub command. It contains remote user Id to name identifier. It shall be used by remote provider to update user profile.

--password-file, -f

File name that contains password of administrator.

--remoteentityid, -r

Remote entity Id

--useridmapping, -g

File name of local to remote user Id mapping. Format <local-user-id>|<remote-user-id>.

[--spec, -c]

Specify metadata specification, either idff or saml2, defaults to saml2

ssoadm do-migration70

Migrate organization to realm.

Usage: ssoadm do-migration70 --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--entrydn, -e

Distinguished name of organization to be migrated.

--password-file, -f

File name that contains password of administrator.

ssoadm embedded-status

Status of embedded store.

Usage: ssoadm embedded-status --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--port, -p

Embedded store port

[--password, -w]

Embedded store password

ssoadm export-entity

Export entity.

Usage: ssoadm export-entity --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--entityid, -y

Entity ID

--password-file, -f

File name that contains password of administrator.

[--extended-data-file, -x]

Extended data

[--meta-data-file, -m]

Metadata

[--realm, -e]

Realm where data resides

[--sign, -g]

Set this flag to sign the metadata

[--spec, -c]

Specify metadata specification, either wsfed, idff or saml2, defaults to saml2

ssoadm export-server

Export a server instance.

Usage: ssoadm export-server --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servername, -s

Server name

[--outfile, -o]

Filename where configuration was written.

ssoadm export-svc-cfg

Export service configuration. In production environments, you should back up the service configuration using file system utilities or the export-ldif command. Note that export-ldif/import-ldif commands must be on the same deployment where the encryption keys are located.

Usage: ssoadm export-svc-cfg --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--encryptsecret, -e

Secret key for encrypting password. Any arbitrary value can be specified.

--password-file, -f

File name that contains password of administrator.

[--outfile, -o]

Filename where configuration was written.

ssoadm get-attr-choicevals

Get choice values of attribute schema.

Usage: ssoadm get-attr-choicevals --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributename, -a

Name of attribute.

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

[--subschemaname, -c]

Name of sub schema.

ssoadm get-attr-defs

Get default attribute values in schema.

Usage: ssoadm get-attr-defs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema. One of dynamic, global, or organization (meaning realm).

--servicename, -s

Name of service.

[--attributenames, -a]

Attribute name(s).

[--subschemaname, -c]

Name of sub schema.

ssoadm get-auth-cfg-entr

Get authentication configuration entries

Usage: ssoadm get-auth-cfg-entr --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Name of authentication configuration.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm get-auth-instance

Get authentication instance values

Usage: ssoadm get-auth-instance --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Name of authentication instance.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm get-identity

Get identity property values

Usage: ssoadm get-identity --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity such as User, Role and Group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--attributenames, -a]

Attribute name(s). All attribute values shall be returned if the option is not provided.

ssoadm get-identity-svcs

Get the service in an identity

Usage: ssoadm get-identity-svcs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity such as User, Role and Group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm get-realm

Get realm property values.

Usage: ssoadm get-realm --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

--servicename, -s

Name of service.

ssoadm get-realm-svc-attrs

Get realm’s service attribute values.

Usage: ssoadm get-realm-svc-attrs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

--servicename, -s

Name of service.

ssoadm get-recording-status

Get the status of recording operations.

Usage: ssoadm get-recording-status --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servername, -s

Server name, such as http://openam.example.com:8080/openam\

ssoadm get-revision-number

Get service schema revision number.

Usage: ssoadm get-revision-number --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servicename, -s

Name of service.

ssoadm get-sub-cfg

Get sub configuration.

Usage: ssoadm get-sub-cfg --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servicename, -s

Name of service.

--subconfigname, -g

Name of sub configuration.

[--realm, -e]

Name of realm (Sub Configuration shall be retrieved from the global configuration if this option is not provided).

ssoadm get-svrcfg-xml

Get server configuration XML from centralized data store

Usage: ssoadm get-svrcfg-xml --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servername, -s

Server name, such as http://www.example.com:8080/fam

[--outfile, -o]

File name where serverconfig XML is written.

ssoadm import-bulk-fed-data

Import bulk federation data which is generated by 'do-bulk-federation' sub command.

Usage: ssoadm import-bulk-fed-data --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--bulk-data-file, -g

File name of bulk federation data which is generated by 'do-bulk-federation' sub command.

--metaalias, -m

Specify metaAlias for local provider.

--password-file, -f

File name that contains password of administrator.

[--spec, -c]

Specify metadata specification, either idff or saml2, defaults to saml2

ssoadm import-entity

Import entity.

Usage: ssoadm import-entity --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

[--cot, -t]

Specify name of the Circle of Trust this entity belongs.

[--extended-data-file, -x]

Specify file name for the extended entity configuration to be imported. Extended entity configuration to be imported.

[--meta-data-file, -m]

Specify file name for the standard metadata to be imported.<web>Standard metadata to be imported.

[--realm, -e]

Realm where entity resides.

[--spec, -c]

Specify metadata specification, either wsfed, idff or saml2, defaults to saml2

ssoadm import-server

Import a server instance.

Usage: ssoadm import-server --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servername, -s

Server name

--xmlfile, -X

XML file that contains configuration.

ssoadm import-svc-cfg

Import service configuration. In production environments, you should restore the service configuration using file system utilities or the import-ldif command. Note that import-ldif/export-ldif commands must be on the same deployment where the encryption keys are located.

Usage: ssoadm import-svc-cfg --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--encryptsecret, -e

Secret key for decrypting password.

--password-file, -f

File name that contains password of administrator.

--xmlfile, -X

XML file that contains configuration data.

ssoadm list-agent-grp-members

List agents in agent group.

Usage: ssoadm list-agent-grp-members --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--agentgroupname, -b

Name of agent group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--filter, -x]

Filter (Pattern).

ssoadm list-agent-grps

List agent groups.

Usage: ssoadm list-agent-grps --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--agenttype, -t]

Type of agent. e.g. J2EEAgent, WebAgent

[--filter, -x]

Filter (Pattern).

ssoadm list-agents

List agent configurations.

Usage: ssoadm list-agents --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--agenttype, -t]

Type of agent. e.g. J2EEAgent, WebAgent

[--filter, -x]

Filter (Pattern).

ssoadm list-app-privs

List policy set privileges in a realm.

Usage: ssoadm list-app-privs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

ssoadm list-appl-types

List application types.

Usage: ssoadm list-appl-types --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

ssoadm list-appls

List policy set in a realm.

Usage: ssoadm list-appls --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

ssoadm list-auth-cfgs

List authentication configurations

Usage: ssoadm list-auth-cfgs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm list-auth-instances

List authentication instances

Usage: ssoadm list-auth-instances --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm list-cot-members

List the members in a circle of trust.

Usage: ssoadm list-cot-members --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--cot, -t

Circle of Trust

--password-file, -f

File name that contains password of administrator.

[--realm, -e]

Realm where circle of trust resides

[--spec, -c]

Specify metadata specification, either wsfed, idff or saml2, defaults to saml2

ssoadm list-cots

List circles of trust.

Usage: ssoadm list-cots --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

[--realm, -e]

Realm where circle of trusts reside

ssoadm list-datastore-types

List the supported data store types

Usage: ssoadm list-datastore-types --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

ssoadm list-datastores

List data stores under a realm

Usage: ssoadm list-datastores --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm list-entities

List entities under a realm.

Usage: ssoadm list-entities --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

[--realm, -e]

Realm where entities reside.

[--spec, -c]

Specify metadata specification, either wsfed, idff or saml2, defaults to saml2

ssoadm list-identities

List identities in a realm

Usage: ssoadm list-identities --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--filter, -x

Filter (Pattern).

--idtype, -t

Type of Identity such as User, Role and Group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm list-identity-assignable-svcs

List the assignable service to an identity

Usage: ssoadm list-identity-assignable-svcs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity such as User, Role and Group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm list-realm-assignable-svcs

List the assignable services to a realm.

Usage: ssoadm list-realm-assignable-svcs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm list-realms

List realms by name.

Usage: ssoadm list-realms --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm where search begins.

[--filter, -x]

Filter (Pattern).

[--recursive, -r]

Search recursively

ssoadm list-res-bundle

List resource bundle in data store.

Usage: ssoadm list-res-bundle --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--bundlename, -b

Resource Bundle Name.

--password-file, -f

File name that contains password of administrator.

[--bundlelocale, -o]

Locale of the resource bundle.

ssoadm list-server-cfg

List server configuration.

Usage: ssoadm list-server-cfg --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servername, -s

Server name, such as http://www.example.com:8080/fam or enter default to list default server configuration.

[--withdefaults, -w]

Set this flag to get default configuration.

ssoadm list-servers

List all server instances.

Usage: ssoadm list-servers --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

ssoadm list-sessions

List server-side sessions.

Usage: ssoadm list-sessions --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--host, -t

Host Name.

--password-file, -f

File name that contains password of administrator.

[--filter, -x]

Filter (Pattern).

[--quiet, -q]

Do not prompt for session invalidation.

ssoadm list-sites

List all sites.

Usage: ssoadm list-sites --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

ssoadm list-xacml

Export policies in realm as XACML.

Usage: ssoadm list-xacml --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--namesonly, -n]

Returns only names of matching policies. Policies are not returned.

[--outfile, -o]

Filename where policy definition will be printed to. Definition will be printed in standard output if this option is not provided.

[--policynames, -p]

Names of policy. This can be a wildcard. All policy definition in the realm will be returned if this option is not provided.

ssoadm policy-export

Export policy configuration for a given realm

Usage: ssoadm policy-export --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--jsonfile, -J

JSON file for which to write the policy model to.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

--servername, -s

Server name, such as http://openam.example.com:8080/openam

ssoadm policy-import

Import policy model into a given realm

Usage: ssoadm policy-import --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--jsonfile, -J

JSON file containing the policy model to be imported.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

--servername, -s

Server name, such as http://openam.example.com:8080/openam

ssoadm register-auth-module

Registers authentication module.

Usage: ssoadm register-auth-module --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--authmodule, -a

Java class name of authentication module.

--password-file, -f

File name that contains password of administrator.

ssoadm remove-agent-from-grp

Remove agents from a agent group.

Usage: ssoadm remove-agent-from-grp --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--agentgroupname, -b

Name of agent group.

--agentnames, -s

Names of agents.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm remove-app-priv-resources

Remove policy set privilege resources. Note that policy sets are cached for 30 minutes. Restart OpenAM to apply changes immediately.

Usage: ssoadm remove-app-priv-resources --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--application, -t

Policy set name

--name, -m

Name for the this delegation

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

[--resources, -r]

Resources to removed. All resources in the policy set will be removed if this option is absent.

ssoadm remove-app-priv-subjects

Remove policy set privilege subjects.

Usage: ssoadm remove-app-priv-subjects --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Name for the this delegation

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

--subjects, -s

Subject name

--subjecttype, -b

Possible values are User or Group

ssoadm remove-app-privs

Remove policy set privileges.

Usage: ssoadm remove-app-privs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--names, -m

Names of policy set privileges to be removed

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

ssoadm remove-attr-choicevals

Remove choice values from attribute schema.

Usage: ssoadm remove-attr-choicevals --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributename, -a

Name of attribute.

--choicevalues, -k

Choice values such as Inactive

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

[--subschemaname, -c]

Name of sub schema.

ssoadm remove-attr-defs

Remove default attribute values in schema.

Usage: ssoadm remove-attr-defs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributenames, -a

Attribute name(s).

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

[--subschemaname, -c]

Name of sub schema.

ssoadm remove-cot-member

Remove a member from a circle of trust.

Usage: ssoadm remove-cot-member --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--cot, -t

Circle of Trust

--entityid, -y

Entity ID

--password-file, -f

File name that contains password of administrator.

[--realm, -e]

Realm where circle of trust resides

[--spec, -c]

Specify metadata specification, either wsfed, idff or saml2, defaults to saml2

ssoadm remove-member

Remove membership of identity from another identity

Usage: ssoadm remove-member --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity

--memberidname, -m

Name of identity that is member.

--memberidtype, -y

Type of Identity of member such as User, Role and Group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm remove-plugin-schema

Add Plug-in interface to service.

Usage: ssoadm remove-plugin-schema --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--interfacename, -i

Name of interface.

--password-file, -f

File name that contains password of administrator.

--pluginname, -g

Name of Plug-in.

--servicename, -s

Name of service.

ssoadm remove-privileges

Remove privileges from an identity

Usage: ssoadm remove-privileges --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity such as Role and Group.

--password-file, -f

File name that contains password of administrator.

--privileges, -g

Name of privileges to be removed. Privilege names are AgentAdmin, ApplicationModifyAccess, ApplicationReadAccess, ApplicationTypesReadAccess, ConditionTypesReadAccess, DecisionCombinersReadAccess, EntitlementRestAccess, FederationAdmin, LogAdmin, LogRead, LogWrite, PolicyAdmin, PrivilegeRestAccess, PrivilegeRestReadAccess, RealmAdmin, RealmReadAccess, ResourceTypeModifyAccess, ResourceTypeReadAccess, SubjectAttributesReadAccess, and SubjectTypesReadAccess.

--realm, -e

Name of realm.

ssoadm remove-res-bundle

Remove resource bundle from data store.

Usage: ssoadm remove-res-bundle --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--bundlename, -b

Resource Bundle Name.

--password-file, -f

File name that contains password of administrator.

[--bundlelocale, -o]

Locale of the resource bundle.

ssoadm remove-server-cfg

Remove server configuration.

Usage: ssoadm remove-server-cfg --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--propertynames, -a

Name of properties to be removed.

--servername, -s

Server name, such as http://www.example.com:8080/fam or enter default to remove default server configuration.

ssoadm remove-site-members

Remove members from a site.

Usage: ssoadm remove-site-members --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servernames, -e

Server names, such as http://www.example.com:8080/fam

--sitename, -s

Site name, such as mysite

ssoadm remove-site-sec-urls

Remove Site Secondary URLs.

Usage: ssoadm remove-site-sec-urls --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--secondaryurls, -a

Secondary URLs

--sitename, -s

Site name, such as mysite

ssoadm remove-sub-schema

Remove sub schema.

Usage: ssoadm remove-sub-schema --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

--subschemanames, -a

Name(s) of sub schema to be removed.

[--subschemaname, -c]

Name of parent sub schema.

ssoadm remove-svc-attrs

Remove service attribute values in a realm.

Usage: ssoadm remove-svc-attrs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

--servicename, -s

Name of service.

[--attributevalues, -a]

Attribute values to be removed such as homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values to be removed.

ssoadm remove-svc-identity

Remove Service from an identity

Usage: ssoadm remove-svc-identity --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity such as User, Role and Group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

--servicename, -s

Name of service.

ssoadm remove-svc-realm

Remove service from a realm.

Usage: ssoadm remove-svc-realm --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

--servicename, -s

Name of service to be removed.

ssoadm set-appl

Set policy set attributes. Note that policy sets are cached for 30 minutes. Restart OpenAM to apply changes immediately.

Usage: ssoadm set-appl --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Policy set name

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

[--attributevalues, -a]

Attribute values such as applicationType=iPlanetAMWebAgentService.

[--datafile, -D]

Name of file that contains attribute values data. Possible attributes are resources, subjects, conditions, actions, searchIndexImpl, saveIndexImpl, resourceComparator, subjectAttributeNames and entitlementCombiner.

ssoadm set-attr-any

Set any member of attribute schema.

Usage: ssoadm set-attr-any --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--any, -y

Attribute Schema Any value

--attributeschema, -a

Name of attribute schema

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

[--subschemaname, -c]

Name of sub schema.

ssoadm set-attr-bool-values

Set boolean values of attribute schema.

Usage: ssoadm set-attr-bool-values --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributename, -a

Name of attribute.

--falsei18nkey, -j

Internationalization key for false value.

--falsevalue, -z

Value for false.

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

--truei18nkey, -k

Internationalization key for true value.

--truevalue, -e

Value for true.

[--subschemaname, -c]

Name of sub schema.

ssoadm set-attr-choicevals

Set choice values of attribute schema.

Usage: ssoadm set-attr-choicevals --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributename, -a

Name of attribute.

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

[--add, -p]

Set this flag to append the choice values to existing ones.

[--choicevalues, -k]

Choice value such as o102=Inactive.

[--datafile, -D]

Name of file that contains attribute values data.

[--subschemaname, -c]

Name of sub schema.

ssoadm set-attr-defs

Set default attribute values in schema.

Usage: ssoadm set-attr-defs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

[--attributevalues, -a]

Attribute values such as homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values data.

[--subschemaname, -c]

Name of sub schema.

ssoadm set-attr-end-range

Set attribute schema end range.

Usage: ssoadm set-attr-end-range --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributeschema, -a

Name of attribute schema

--password-file, -f

File name that contains password of administrator.

--range, -r

End range

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

[--subschemaname, -c]

Name of sub schema.

ssoadm set-attr-i18n-key

Set i18nKey member of attribute schema.

Usage: ssoadm set-attr-i18n-key --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributeschema, -a

Name of attribute schema

--i18nkey, -k

Attribute Schema I18n Key

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

[--subschemaname, -c]

Name of sub schema.

ssoadm set-attr-start-range

Set attribute schema start range.

Usage: ssoadm set-attr-start-range --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributeschema, -a

Name of attribute schema

--password-file, -f

File name that contains password of administrator.

--range, -r

Start range

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

[--subschemaname, -c]

Name of sub schema.

ssoadm set-attr-syntax

Set syntax member of attribute schema.

Usage: ssoadm set-attr-syntax --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributeschema, -a

Name of attribute schema

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

--syntax, -x

Attribute Schema Syntax

[--subschemaname, -c]

Name of sub schema.

ssoadm set-attr-type

Set type member of attribute schema.

Usage: ssoadm set-attr-type --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributeschema, -a

Name of attribute schema

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

--type, -p

Attribute Schema Type

[--subschemaname, -c]

Name of sub schema.

ssoadm set-attr-ui-type

Set UI type member of attribute schema.

Usage: ssoadm set-attr-ui-type --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributeschema, -a

Name of attribute schema

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

--uitype, -p

Attribute Schema UI Type

[--subschemaname, -c]

Name of sub schema.

ssoadm set-attr-validator

Set attribute schema validator.

Usage: ssoadm set-attr-validator --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributeschema, -a

Name of attribute schema

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

--validator, -r

validator class name

[--subschemaname, -c]

Name of sub schema.

ssoadm set-attr-view-bean-url

Set properties view bean URL member of attribute schema.

Usage: ssoadm set-attr-view-bean-url --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--attributeschema, -a

Name of attribute schema

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

--url, -r

Attribute Schema Properties View Bean URL

[--subschemaname, -c]

Name of sub schema.

ssoadm set-entitlement-conf

Set entitlements service configuration

Usage: ssoadm set-entitlement-conf --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

[--attributevalues, -a]

Attribute values such as evalThreadSize=4.

[--datafile, -D]

Name of file that contains attribute values data. Possible attributes are evalThreadSize, searchThreadSize, policyCacheSize and indexCacheSize.

ssoadm set-identity-attrs

Set attribute values of an identity

Usage: ssoadm set-identity-attrs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity such as User, Role and Group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--attributevalues, -a]

Attribute values such as homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values data.

ssoadm set-identity-svc-attrs

Set service attribute values of an identity

Usage: ssoadm set-identity-svc-attrs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity such as User, Role and Group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

--servicename, -s

Name of service.

[--attributevalues, -a]

Attribute values such as homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values data.

ssoadm set-inheritance

Set Inheritance value of Sub Schema.

Usage: ssoadm set-inheritance --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--inheritance, -r

Value of Inheritance.

--password-file, -f

File name that contains password of administrator.

--schematype, -t

Type of schema.

--servicename, -s

Name of service.

--subschemaname, -c

Name of sub schema.

ssoadm set-plugin-viewbean-url

Set properties view bean URL of plug-in schema.

Usage: ssoadm set-plugin-viewbean-url --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--interfacename, -i

Name of interface.

--password-file, -f

File name that contains password of administrator.

--pluginname, -g

Name of Plug-in.

--servicename, -s

Name of service.

--url, -r

Properties view bean URL.

ssoadm set-realm-attrs

Set attribute values of a realm.

Usage: ssoadm set-realm-attrs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

--servicename, -s

Name of service.

[--append, -p]

Set this flag to append the values to existing ones.

[--attributevalues, -a]

Attribute values such as homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values data.

ssoadm set-realm-svc-attrs

Set attribute values of a service that is assigned to a realm. Long content for an attribute can be supplied in a file by appending '-file' to the attribute name, and giving the filename as the value.

Usage: ssoadm set-realm-svc-attrs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

--servicename, -s

Name of service.

[--append, -p]

Set this flag to append the values to existing ones.

[--attributevalues, -a]

Attribute values such as homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values data.

ssoadm set-revision-number

Set service schema revision number.

Usage: ssoadm set-revision-number --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--revisionnumber, -r

Revision Number

--servicename, -s

Name of service.

ssoadm set-site-id

Set the ID of a site.

Usage: ssoadm set-site-id --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--siteid, -i

Site’s ID, such as 10

--sitename, -s

Site name, such as mysite

ssoadm set-site-pri-url

Set the primary URL of a site.

Usage: ssoadm set-site-pri-url --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--sitename, -s

Site name, such as mysite

--siteurl, -i

Site’s primary URL, such as http://site.www.example.com:8080

ssoadm set-site-sec-urls

Set Site Secondary URLs.

Usage: ssoadm set-site-sec-urls --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--secondaryurls, -a

Secondary URLs

--sitename, -s

Site name, such as mysite

ssoadm set-sub-cfg

Set sub configuration. Long content for an attribute can be supplied in a file by appending '-file' to the attribute name, and giving the filename as the value.

Usage: ssoadm set-sub-cfg --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--operation, -o

Operation (either add/set/delete) to be performed on the sub configuration.

--password-file, -f

File name that contains password of administrator.

--servicename, -s

Name of service.

--subconfigname, -g

Name of sub configuration.

[--attributevalues, -a]

Attribute values such as homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values data.

[--realm, -e]

Name of realm (Sub Configuration shall be set to global configuration if this option is not provided).

ssoadm set-svc-attrs

Set service attribute values in a realm. Long content for an attribute can be supplied in a file by appending '-file' to the attribute name, and giving the filename as the value.

Usage: ssoadm set-svc-attrs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

--servicename, -s

Name of service.

[--attributevalues, -a]

Attribute values such as homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values data.

ssoadm set-svc-i18n-key

Set service schema i18n key.

Usage: ssoadm set-svc-i18n-key --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--i18nkey, -k

I18n Key.

--password-file, -f

File name that contains password of administrator.

--servicename, -s

Name of service.

ssoadm set-svc-view-bean-url

Set service schema properties view bean URL.

Usage: ssoadm set-svc-view-bean-url --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servicename, -s

Name of service.

--url, -r

Service Schema Properties View Bean URL

ssoadm set-svrcfg-xml

Set server configuration XML to centralized data store

Usage: ssoadm set-svrcfg-xml --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servername, -s

Server name, such as http://www.example.com:8080/fam

--xmlfile, -X

XML file that contains configuration.

ssoadm show-agent

Show agent profile.

Usage: ssoadm show-agent --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--agentname, -b

Name of agent.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--includepassword, -p]

Include the hashed password in the export.

[--inherit, -i]

Set this to inherit properties from parent group.

[--outfile, -o]

Filename where configuration is written to.

ssoadm show-agent-grp

Show agent group profile.

Usage: ssoadm show-agent-grp --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--agentgroupname, -b

Name of agent group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--outfile, -o]

Filename where configuration is written to.

ssoadm show-agent-membership

List agent’s membership.

Usage: ssoadm show-agent-membership --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--agentname, -b

Name of agent.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm show-agent-types

Show agent types.

Usage: ssoadm show-agent-types --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

ssoadm show-app-priv

Show policy set privilege.

Usage: ssoadm show-app-priv --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Name of policy set privilege

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

ssoadm show-appl

Show policy set attributes.

Usage: ssoadm show-appl --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Policy set name

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

ssoadm show-appl-type

Show application type details.

Usage: ssoadm show-appl-type --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Application Type name

--password-file, -f

File name that contains password of administrator.

ssoadm show-auth-modules

Show the supported authentication modules in the system.

Usage: ssoadm show-auth-modules --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

ssoadm show-data-types

Show the supported data type in the system.

Usage: ssoadm show-data-types --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

ssoadm show-datastore

Show data store profile.

Usage: ssoadm show-datastore --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Name of datastore.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm show-entitlement-conf

Display entitlements service configuration

Usage: ssoadm show-entitlement-conf --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

ssoadm show-identity-ops

Show the allowed operations of an identity a realm

Usage: ssoadm show-identity-ops --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idtype, -t

Type of Identity such as User, Role and Group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm show-identity-svc-attrs

Show the service attribute values of an identity

Usage: ssoadm show-identity-svc-attrs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity such as User, Role and Group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

--servicename, -s

Name of service.

ssoadm show-identity-types

Show the supported identity type in a realm

Usage: ssoadm show-identity-types --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm show-members

Show the members of an identity. For example show the members of a role

Usage: ssoadm show-members --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity such as User, Role and Group.

--membershipidtype, -m

Membership identity type.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm show-memberships

Show the memberships of an identity. For sample show the memberships of an user.

Usage: ssoadm show-memberships --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity such as User, Role and Group.

--membershipidtype, -m

Membership identity type.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm show-privileges

Show privileges assigned to an identity

Usage: ssoadm show-privileges --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--idname, -i

Name of identity.

--idtype, -t

Type of Identity such Role and Group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

ssoadm show-realm-svcs

Show services in a realm.

Usage: ssoadm show-realm-svcs --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--mandatory, -y]

Include Mandatory services.

ssoadm show-site

Show site profile.

Usage: ssoadm show-site --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--sitename, -s

Site name, such as mysite

ssoadm show-site-members

Display members of a site.

Usage: ssoadm show-site-members --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--sitename, -s

Site name, such as mysite

ssoadm start-recording

Start recording a bundle that contains troubleshooting information, including debug logs, thread dumps, and environment information.

Usage: ssoadm start-recording --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--jsonfile, -J

JSON control file for a recording operation.

--password-file, -f

File name that contains password of administrator.

--servername, -s

Server name, such as http://openam.example.com:8080/openam

ssoadm stop-recording

Stop an active recording operation.

Usage: ssoadm stop-recording --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servername, -s

Server name, such as http://openam.example.com:8080/openam

ssoadm unregister-auth-module

Unregisters authentication module.

Usage: ssoadm unregister-auth-module --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--authmodule, -a

Java class name of authentication module.

--password-file, -f

File name that contains password of administrator.

ssoadm update-agent

Update agent configuration.

Usage: ssoadm update-agent --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--agentname, -b

Name of agent.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--attributevalues, -a]

Properties such as homeaddress=here.

[--datafile, -D]

Name of file that contains properties.

[--set, -s]

Set this flag to overwrite properties values.

ssoadm update-agent-grp

Update agent group configuration.

Usage: ssoadm update-agent-grp --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--agentgroupname, -b

Name of agent group.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--attributevalues, -a]

Properties such as homeaddress=here.

[--datafile, -D]

Name of file that contains properties.

[--set, -s]

Set this flag to overwrite properties values.

ssoadm update-app-priv

Update a policy set privilege.

Usage: ssoadm update-app-priv --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Name for the this delegation

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

[--actions, -a]

Possible values are READ, MODIFY, DELEGATE, ALL

[--description, -p]

Description for the this delegation.

ssoadm update-app-priv-resources

Set policy set privilege resources. Note that policy sets are cached for 30 minutes. Restart OpenAM to apply changes immediately.

Usage: ssoadm update-app-priv-resources --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--application, -t

Policy set name

--name, -m

Name for the this delegation

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

[--add, -p]

Resources are added to this policy set if this option is set. Otherwise, resources in the current policy set privilege will be overwritten.

[--resources, -r]

Resources to delegate. All resources in the policy set will be delegated if this option is absent.

ssoadm update-app-priv-subjects

Set policy set privilege subjects.

Usage: ssoadm update-app-priv-subjects --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Name for the this delegation

--password-file, -f

File name that contains password of administrator.

--realm, -e

Realm name

--subjects, -s

Subject name

--subjecttype, -b

Possible values are User or Group

[--add, -p]

Subjects are added to this policy set if this option is set. Otherwise, subjects in the current policy set privilege will be overwritten.

ssoadm update-auth-cfg-entr

Set authentication configuration entries

Usage: ssoadm update-auth-cfg-entr --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Name of authentication configuration.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--datafile, -D]

Name of file that contains formatted authentication configuration entries in this format name|flag|options. option can be REQUIRED, OPTIONAL, SUFFICIENT, REQUISITE, such as myauthmodule|REQUIRED|my options.

[--entries, -a]

Formatted authentication configuration entries in this format name|flag|options. Option can be REQUIRED, OPTIONAL, SUFFICIENT, REQUISITE, such as myauthmodule|REQUIRED|my options.

ssoadm update-auth-cfg-props

Set authentication configuration properties

Usage: ssoadm update-auth-cfg-props --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Name of authentication configuration.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--attributevalues, -a]

authentication configuration properties, valid configuration keys are: iplanet-am-auth-login-failure-url, iplanet-am-auth-login-success-url and iplanet-am-auth-post-login-process-class.

[--datafile, -D]

Name of file that contains authentication configuration properties.

ssoadm update-auth-instance

Update authentication instance values

Usage: ssoadm update-auth-instance --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Name of authentication instance.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--attributevalues, -a]

Attribute values such as homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values data.

ssoadm update-datastore

Update data store profile.

Usage: ssoadm update-datastore --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--name, -m

Name of datastore.

--password-file, -f

File name that contains password of administrator.

--realm, -e

Name of realm.

[--attributevalues, -a]

Attribute values such as sunIdRepoClass=com.sun.identity.idm.plugins.files.FilesRepo.

[--datafile, -D]

Name of file that contains attribute values data.

ssoadm update-entity-keyinfo

Update XML signing and encryption key information in hosted entity metadata.

Usage: ssoadm update-entity-keyinfo --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--entityid, -y

Entity ID

--password-file, -f

File name that contains password of administrator.

[--idpecertalias, -g]

Identity provider encryption certificate aliases.

[--idpscertalias, -b]

Identity provider signing certificate aliases

[--realm, -e]

Realm where entity resides.

[--specertalias, -r]

Service provider encryption certificate aliases

[--spec, -c]

Specify metadata specification, either wsfed, idff or saml2, defaults to saml2

[--spscertalias, -a]

Service provider signing certificate aliases

ssoadm update-server-cfg

Update server configuration.

Usage: ssoadm update-server-cfg --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--servername, -s

Server name, such as http://www.example.com:8080/fam, or enter default to update default server configuration.

[--attributevalues, -a]

Attribute values such as homeaddress=here.

[--datafile, -D]

Name of file that contains attribute values data.

ssoadm update-svc

Update service.

Usage: ssoadm update-svc --options [--global-options]

Options
--adminid, -u

Administrator ID of running the command.

--password-file, -f

File name that contains password of administrator.

--xmlfile, -X

XML file(s) that contains schema.

[--continue, -c]

Continue updating service if one or more previous services cannot be updated.