SecurityRealmInfoCommands (AdminTask)
We can use the Jython scripting language to manage security realm configurations with wsadmin.sh. Use commands in the SecurityRealmInfoCommands group to query and manage trusted realms.
(zos) Avoid trouble: If we use LocalOS as the active user registry, verify that the users and groups used by the commands in the SecurityRealmInfoCommands command group have a valid OMVS segment.
Use the following commands to manage trusted realms in the security configuration:
- addTrustedRealms
- configureTrustedRealms
- listRegistryGroups
- listRegistryUsers
- listSecurityRealms
- listTrustedRealms
- removeTrustedRealms
- unconfigureTrustedRealms
addTrustedRealms
The addTrustedRealms command adds a realm or list of realms to the list of trusted realms for global security or in a security domain.
Target object: None.
Required parameters
- -communicationType
- Whether to add the trusted realms to inbound or outbound communication. Specify inbound to configure inbound communication. Specify outbound to configure outbound communication. (String)
Optional parameters
- -securityDomainName
- Name of the security domain of interest. If we do not specify a value for this parameter, the command uses the global security configuration. (String)
- -realmList
- Specifies a realm or list of realms to configure as trusted realms. (String)
Separate each realm in the list with the pipe character (|) as the following example demonstrates: realm1|realm2|realm3
Return value
The command does not return output.
Batch mode example
- Jython string:
AdminTask.addTrustedRealms('-communicationType inbound -securityDomainName testDomain')
- Jython list:
AdminTask.addTrustedRealms(['-communicationType', 'inbound', '-securityDomainName', 'testDomain'])
Interactive mode
- Jython:
AdminTask.addTrustedRealms('-interactive')
configureTrustedRealms
The configureTrustedRealms command configures trusted realms. Use this command to replace the list of trusted realms and to clear each realm from the list. To add realms to the trusted realm list, use the addInboundTrustedRealm command.
Target object: None.
Required parameters
- -communicationType
- Whether to configure the security domains, realms, or global security configuration for inbound or outbound communication. Specify inbound to configure inbound communication. Specify outbound to configure outbound communication. (String)
Optional parameters
- -securityDomainName
- Name of the security domain of interest. If we do not specify a value for this parameter, the command uses the global security configuration. (String)
- -realmList
- List of realms to configure as trusted realms. (String)
Separate each realm in the list with the pipe character (|) as the following example demonstrates: realm1|realm2|realm3
- -trustAllRealms
- Whether to trust all realms. Specify true to trust all realms. If we specify true for this parameter, the command does not use the -realmList parameter. (Boolean)
Return value
The command does not return output.
Batch mode example
- Jython string:
AdminTask.configureTrustedRealms('-communicationType inbound -realmList realm1|realm2|realm3')
- Jython list:
AdminTask.configureTrustedRealms(['-communicationType', 'inbound', '-realmList', 'realm1|realm2|realm3'])
Interactive mode
- Jython:
AdminTask.configureTrustedRealms('-interactive')
listRegistryGroups
The listRegistryGroups command displays the groups in the user registry that belong to the security realm, security domain, or resource name of interest.
Target object: None.
Optional parameters
- -securityRealmName
- Specifies the name of the security realm of interest. The securityDomainName, resourceName, and securityRealmName parameters are mutually exclusive. Do not specify more than one of these parameters. (String)
- -resourceName
- Name of the resource of interest. The securityDomainName, resourceName, and securityRealmName parameters are mutually exclusive. Do not specify more than one of these parameters. (String)
- -securityDomainName
- Name of the security domain of interest. The securityDomainName, resourceName, and securityRealmName parameters are mutually exclusive. Do not specify more than one of these parameters. (String)
- -displayAccessIds
- Whether to display the access IDs for each group. Specify true to display the access ID and group name for each group that the command returns. (Boolean)
- -groupFilter
- Specifies a filter that the command uses to query for groups. For example, specify test* to return groups that begin with the test string. By default, the command returns all groups. (String)
- -numberOfGroups
- Number of groups to return. The default number of groups that the command displays is 20. (Integer)
Return value
The command returns an array of group names. If we specify the -displayAccessIds parameter, the command returns an array of attribute lists which contain the group name and group access ID.
Batch mode example
- Jython string:
AdminTask.listRegistryGroups('-securityDomainName myTestDomain -groupFilter test* -numberOfGroups 10')
- Jython list:
AdminTask.listRegistryGroups(['-securityDomainName', 'myTestDomain', '-groupFilter', 'test*', '-numberOfGroups', '10'])
Interactive mode
- Jython:
AdminTask.listRegistryGroups('-interactive')
(zos) Avoid trouble: If we list the groups in the user registry that belong to the security realm, security domain, or resource name of interest, we must ensure that we add an OMVS segment (where the user and group information is stored) to any group to use with WebSphere Application Server.
listRegistryUsers
The listRegistryUsers command displays the users in the user registry for a specific security realm, resource name, or domain name.
Target object: None.
Optional parameters
- -securityDomainName
- Name of the security domain of interest. The securityDomainName, resourceName, and securityRealmName parameters are mutually exclusive. Do not specify more than one of these parameters. If we do not specify the securityDomainName, resourceName, or securityRealmName parameter, the system uses the active user registry from the global security configuration. (String)
- -resourceName
- Name of the resource of interest. The securityDomainName, resourceName, and securityRealmName parameters are mutually exclusive. Do not specify more than one of these parameters. If we do not specify the securityDomainName, resourceName, or securityRealmName parameter, the system uses the active user registry from the global security configuration. (String)
- -securityRealmName
- Name of the security realm of interest. The securityDomainName, resourceName, and securityRealmName parameters are mutually exclusive. Do not specify more than one of these parameters. If we do not specify the securityDomainName, resourceName, or securityRealmName parameter, the system uses the active user registry from the global security configuration. (String)
- -displayAccessIds
- Whether to display the access IDs for each user. Specify true to display the access ID and user name for each user that the command returns. (Boolean)
- -userFilter
- Filter that the command uses to query for users. For example, specify test* to display each user name that starts with the test string. By default, the command returns all users. (String)
- -numberOfUsers
- Number of users to return. The default number of users that the command displays is 20. (Integer)
Return value
The command returns an array of user names. If we specify the -displayAccessIds parameter, the command returns an array of attribute lists containing the user ID and user access IDs.
Batch mode example
- Jython string:
AdminTask.listRegistryUsers('-securityRealmName defaultWIMFileBasedRealm -displayAccessIds true')
- Jython list:
AdminTask.listRegistryUsers(['-securityRealmName', 'defaultWIMFileBasedRealm', '-displayAccessIds', 'true'])
Interactive mode
- Jython:
AdminTask.listRegistryUsers('-interactive')
(zos) Avoid trouble: If we list the users in the user registry for a specific security realm, resource name, or domain name, we must ensure that we add an OMVS segment (where the user and group information is stored) to any user to use with WebSphere Application Server.
listSecurityRealms
The listSecurityRealms command displays each security realm from the global security configuration and the security domains.
Target object: None.
Return value
The command returns an array of realm names.
Batch mode example usage
- Jython string:
AdminTask.listSecurityRealms()
- Jython list:
AdminTask.listSecurityRealms()
Interactive mode
- Jython:
AdminTask.listSecurityRealms('-interactive')
listTrustedRealms
The listTrustedRealms command displays a list of trusted realms for a security domain, resource, or realm. If we do not specify a security domain, resource name, or realm name, then the command returns a list of trusted realms from the global security configuration. The securityRealmName, resourceName, and securityDomainName parameters are mutually exclusive.
Target object: None.
Required parameters
- -communicationType
- Whether to list the trusted realms for inbound or outbound communication. Specify inbound to configure inbound communication. Specify outbound to configure outbound communication. (String)
Optional parameters
- -securityRealmName
- Specifies the name of the security realm of interest. If we use this parameter, do not use the resourceName or securityDomainName parameters. (String)
- -resourceName
- Name of the resource of interest. If we use this parameter, do not use the securityRealmName or securityDomainName parameters. (String)
- -securityDomainName
- Name of the security domain of interest. If we use this parameter, do not use the resourceName or securityRealmName parameters. (String)
- -expandRealmList
- Whether to return each realm name when the trustAllRealms property is enabled. Specify true to return each realm name. Specify false to return the trustAllRealms property. (Boolean)
- -includeCurrentRealm
- Whether to include the current realm in the list of trusted realms. Specify true to include the current realm, or specify false to exclude the current realm from the list of trusted realms. (Boolean)
Return value
The command returns an array of trusted realm names. If the realm, resource, or security domain of interest is configured to trust all realms, the command returns the trustAllRealms string.
Batch mode example usage
- Jython string:
AdminTask.listTrustedRealms('-communicationType inbound -resourceName myApplication')
- Jython list:
AdminTask.listTrustedRealms(['-communicationType', 'inbound', '-resourceName', 'myApplication'])
Interactive mode
- Jython:
AdminTask.listTrustedRealms('-interactive')
removeTrustedRealms
The removeTrustedRealms command removes realms from a trusted realm list in a security domain or in the global security configuration.
Target object: None.
Required parameters
- -communicationType
- Whether to remove trusted realms from inbound or outbound communication. Specify inbound to configure inbound communication. Specify outbound to configure outbound communication. (String)
- -realmList
- List of realms to remove from trusted realms. (String)
Separate each realm in the list with the pipe character (|) as the following example demonstrates: realm1|realm2|realm3
Optional parameters
- -securityDomainName
- Name of the security domain of interest. If we do not specify a security domain, the command uses the global security configuration. (String)
Return value
The command does not return output.
Batch mode example
- Jython string:
AdminTask.removeTrustedRealms('-communicationType inbound -realmList realm1|realm2|realm3')
- Jython list:
AdminTask.removeTrustedRealms(['-communicationType', 'inbound', '-realmList', 'realm1|realm2|realm3'])
Interactive mode
- Jython:
AdminTask.removeTrustedRealms('-interactive')
unconfigureTrustedRealms
The unconfigureTrustedRealms command removes the trusted realm object from the configuration.
Target object: None.
Required parameters
- -communicationType
- Whether to unconfigure the trusted realms for inbound or outbound communication. Specify inbound to remove inbound communication configurations. Specify outbound to remove outbound communication configurations. (String)
Optional parameters
- -securityDomainName
- Name of the security domain of interest. If we do not specify a security domain, the command uses the global security configuration. (String)
Return value
The command does not return output.
Batch mode example
- Jython string:
AdminTask.unconfigureTrustedRealms('-communicationType inbound -securityDomainName testDomain')
- Jython list:
AdminTask.unconfigureTrustedRealms(['-communicationType', 'inbound', '-securityDomainName', 'testDomain'])
Interactive mode
- Jython:
AdminTask.unconfigureTrustedRealms('-interactive')
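Added example (not part of the original reference): one way to combine listTrustedRealms, configureTrustedRealms, removeTrustedRealms and addTrustedRealms to bring a trusted-realm list in line with an approved allowlist, replacing a trust-all setting with explicit realms. The helper names are hypothetical, and the code assumes the array returned by listTrustedRealms arrives as a string with one realm name per line.

```python
# Added example: reconcile a trusted-realm list against an approved allowlist.
# admin_task is wsadmin's AdminTask; any object with the same methods works offline.
TRUST_ALL = 'trustAllRealms'  # string the page says listTrustedRealms returns

def scope_args(communication_type, domain=None):
    """Build the list-form arguments shared by every command in the group."""
    if communication_type not in ('inbound', 'outbound'):
        raise ValueError('communicationType must be inbound or outbound')
    args = ['-communicationType', communication_type]
    if domain:  # omitted: the command uses the global security configuration
        args += ['-securityDomainName', domain]
    return args

def join_realms(realms):
    """Join realm names with '|', rejecting names that would corrupt the list."""
    for realm in realms:
        if not realm or '|' in realm:
            raise ValueError('invalid realm name: %r' % (realm,))
    return '|'.join(realms)

def parse_realms(output):
    """Assumption: the returned array arrives as one realm name per line."""
    return [ln.strip() for ln in (output or '').splitlines() if ln.strip()]

def reconcile(admin_task, communication_type, approved, domain=None, commit=False):
    """Return the commands needed to make the trusted list equal `approved`."""
    if not approved:
        raise ValueError('approved realm list is empty')
    args = scope_args(communication_type, domain)
    listed = admin_task.listTrustedRealms(
        args + ['-expandRealmList', 'false', '-includeCurrentRealm', 'false'])
    current = parse_realms(listed)
    plan = []
    if TRUST_ALL in current:
        # Trust-all is replaced outright by the explicit allowlist.
        plan.append(('configureTrustedRealms', args + [
            '-realmList', join_realms(approved), '-trustAllRealms', 'false']))
    else:
        extra = [r for r in current if r not in approved]
        missing = [r for r in approved if r not in current]
        if extra:
            plan.append(('removeTrustedRealms', args + ['-realmList', join_realms(extra)]))
        if missing:
            plan.append(('addTrustedRealms', args + ['-realmList', join_realms(missing)]))
    if commit:
        for name, cmd_args in plan:
            getattr(admin_task, name)(cmd_args)
    return plan
```

Under wsadmin, pass AdminTask as admin_task, review the returned plan with commit left at False, and call AdminConfig.save() after a committed run.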