+

Search Tips   |   Advanced Search

SecurityConfigurationCommands

Use the Jython scripting language to configure security with the wsadmin tool. Use the commands in the SecurityConfigurationCommands group to configure and manage user registries, single sign-on, data entries, trust association, login modules, and interceptors.


configureAdminCustomUserRegistry

Configure a custom user registry in the global security configuration.

This command is not supported in a local mode.

Target object: None.

Optional parameters:

Return value. The command does not return output.

Batch mode example usage

Interactive mode example usage


configureAdminLDAPUserRegistry

Configure an LDAP user registry in the global security configuration.

This command is not supported in a local mode.

Target object: None.

Optional parameters:

Return value. The command does not return output.

Batch mode example usage

Interactive mode example usage


configureAdminLocalOSUserRegistry

Configure a local operating system user registry in the global security configuration.

This command is not supported in a local mode.

Target object: None.

Optional parameters:

Return value. The command does not return output.

Batch mode example usage

Interactive mode example usage


configureAdminWIMUserRegistry

Configure a federated repository user registry in the administrative security configuration.

This command is not supported in a local mode.

Target object: None.

Optional parameters:

Return value. The command does not return output.

Batch mode example usage

Interactive mode example usage


configureAppCustomUserRegistry

application security domain.

This command is not supported in a local mode.

Target object: None.

Required parameters:

    -securityDomainName Name of the security configuration. (String)

Optional parameters:

    -realmName Realm of the user registry. The system automatically generates a realm name if we do not specify a value for the -realmName parameter. (String)
    -customRegClass Class name that implements the UserRegistry interface in com.ibm.websphere.security property. (String)
    -ignoreCase Specifies whether authorization is case-sensitive. Specify true to ignore the case during authorization. (Boolean)
    -verifyRegistry Specifies whether to verify that the user registry configuration is correct. If true, then the system verifies the registry by making a call to the user registry to verify the admin ID. If we specify a server ID and password, then the system verifies the user and password with the user registry. Set the parameter to false to store the attributes in the configuration without validation. The command verifies the registry configuration by default. (Boolean)
    -customProperties Comma separated list of quoted attribute and value pairs the system stores as custom properties on the user registry object. For example, use the format: "attr1=value1","attr2=value2" (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.configureAppCustomUserRegistry('-securityDomainName testDomain -realmName server.domain:port_number')
    AdminTask.configureAppCustomUserRegistry('-securityDomainName testDomain -realmName server.domain:port_number -ignoreCase true')

  • Jython list: AdminTask.configureAppCustomUserRegistry(['-securityDomainName', 'testDomain', '-realmName', 'server.domain:port_number'])
    AdminTask.configureAppCustomUserRegistry(['-securityDomainName', 'testDomain', '-realmName', 'server.domain:port_number', '-ignoreCase true'])

Interactive mode example usage

  • Jython: AdminTask.configureAppCustomUserRegistry('-interactive')


configureAppLDAPUserRegistry

Configure LDAP user registries in a security configuration or a global security configuration.

This command is not supported in a local mode.

Target object: None.

Required parameters:

    -securityDomainName Name of the security configuration. (String)

Optional parameters:

    -realmName Realm of the user registry. The system automatically generates a realm name if we do not specify a value for the -realmName parameter. (String)
    -ignoreCase Specifies whether authorization is case-sensitive. Specify true to ignore the case during authorization. (Boolean)
    -verifyRegistry Specifies whether to verify that the user registry configuration is correct. If true, then the system verifies the registry by making a call to the user registry to verify the admin ID. If we specify a server ID and password, then the system verifies the user and password with the user registry. Set the parameter to false to store the attributes in the configuration without validation. The command verifies the registry configuration by default. (Boolean)
    -ldapServerType Type of LDAP server. The default type is IBM_DIRECTORY_SERVER. (String)

    Specify one of the following valid values:

    • IBM_DIRECTORY_SERVER
    • IPLANET
    • NETSCAPE
    • NDS
    • DOMINO502
    • SECUREWAY
    • ACTIVE_DIRECTORY
    • CUSTOM

    -ldapHost Host name of the LDAP server. (String)
    -ldapPort Port the system uses to access the LDAP server. The default is 389. (String)
    -baseDN Base distinguished name (DN) of the directory service, which indicates the starting point for LDAP searches of the directory service. In most cases, bind DN and bind password are needed. However, when anonymous bind can satisfy all of the required functions, bind DN and bind password are not needed. (String)
    -bindDN Distinguished name for the application server, which is used to bind to the directory service. (String)
    -bindPassword Binding DN password for the LDAP server. (String)
    -searchTimeout Timeout value in seconds for an LDAP server to respond before stopping a request. The default is 120 seconds. (Long Integer)
    -reuseConnection Specifies whether the server reuses the LDAP connection. By default, this option is enabled. Specify false for this parameter only in rare situations where a router is used to distribute requests to multiple LDAP servers and when the router does not support affinity. (Boolean)

    When we disable the reuse of the LDAP connection, the application server creates a new LDAP connection for every LDAP search request. This situation impacts system performance if the environment requires extensive LDAP calls. This option is provided because the router is not sending the request to the same LDAP server. The option is also used when the idle connection timeout value or firewall timeout value between the application server and LDAP is too small.

    -userFilter LDAP filter clause the system uses to search the user registry for users. The default is the default user filter for the LDAP server type. (String)
    -groupFilter LDAP filter clause the system uses to search the user registry for groups. The default is the default group filter for the LDAP server type. (String)
    -userIdMap LDAP filter that maps the short name of a user to an LDAP entry. The default is the default user filter for the LDAP server type. (String)
    -groupIdMap LDAP filter that maps the short name of a group to an LDAP entry. The default is the default group filter for the LDAP server type. (String)
    -groupMemberIdMap LDAP filter that identifies users to group memberships. (String)
    -certificateMapMode Specifies whether to map X.509 certificates into an LDAP directory by EXACT_DN or CERTIFICATE_FILTER. Specify CERTIFICATE_FILTER to use the specified certificate filter for the mapping. (String)
    -certificateFilter Filter certificate mapping property for the LDAP filter. The filter is used to map attributes in the client certificate to entries in the LDAP registry. (String)

    The syntax or structure of this filter is: (&(uid=${SubjectCN})(objectclass=inetOrgPerson)). The left side of the filter specification is an LDAP attribute that depends on the schema that the LDAP server is configured to use. The right side of the filter specification is one of the public attributes in the client certificate. The right side must begin with a dollar sign ($) and open bracket ({) and end with a close bracket (}). Use the following certificate attribute values on the right side of the filter specification. The case of the strings is important:

    • ${UniqueKey}
    • ${PublicKey}
    • ${Issuer}
    • ${NotAfter}
    • ${NotBefore}
    • ${SerialNumber}
    • ${SigAlgName}
    • ${SigAlgOID}
    • ${SigAlgParams}
    • ${SubjectCN}
    • ${Version}

    -krbUserFilter Default value is the default user filter for the LDAP server type. (String)
    -nestedGroupSearch Specifies whether to perform a recursive nested group search. Specify true to perform a recursive nested group search, or specify false to disable recursive nested group searching. (Boolean)
    -sslEnabled Enable SSL. Specify true to enable an SSL connection to the LDAP server. (Boolean)
    -sslConfig The SSL configuration alias to use for the secure LDAP connection. (String)
    -customProperties Comma separated list of quoted attribute and value pairs the system stores as custom properties on the user registry object. For example, use the format: "attr1=value1","attr2=value2" (String)
    -resetDefaultFilters Specify true, to reset all of the filter values to the default value of the LDAP server type. The default value for this parameter is false. The LDAP filter attributes reset are: userFilter, groupFilter, userIdMap, groupIdMap, groupMemberIdMap and krbUserFilter. If any of the other filter flags are used to specify a filter value on the command line at the same time resetDefaultFilter is set to true, the filter value specified is used. Any filter not specified on the command line at the time is reset to the default value of the LDAP server type.

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.configureAppLDAPUserRegistry('-securityDomainName testDomain -ldapServerType NETSCAPE -ldapHost 195.168.1.1 -searchTimeout 300')

  • Jython list: AdminTask.configureAppLDAPUserRegistry(['-securityDomainName', 'testDomain', '-ldapServerType', 'NETSCAPE', '-ldapHost', '195.168.1.1', '-searchTimeout', '300'])

Interactive mode example usage

  • Jython: AdminTask.configureAppLDAPUserRegistry('-interactive')


configureAppLocalOSUserRegistry

Configure a local operating system user registry in a security domain.

This command is not supported in a local mode.

Target object: None.

Required parameters:

    -securityDomainName Name of the security configuration. (String)

Optional parameters:

    -realmName Realm of the user registry. The system automatically generates a realm name if we do not specify a value for the -realmName parameter. (String)
    -ignoreCase Specifies whether authorization is case-sensitive. Specify true to ignore the case during authorization. (Boolean)
    -verifyRegistry Specifies whether to verify that the user registry configuration is correct. If true, then the system verifies the registry by making a call to the user registry to verify the admin ID. If we specify a server ID and password, then the system verifies the user and password with the user registry. Set the parameter to false to store the attributes in the configuration without validation. The command verifies the registry configuration by default. (Boolean)
    -customProperties Comma separated list of quoted attribute and value pairs the system stores as custom properties on the user registry object. For example, use the format: "attr1=value1","attr2=value2" (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.configureAppLocalOSUserRegistry('-securityDomainName testDomain')

    AdminTask.configureAppLocalOSUserRegistry('-securityDomainName testDomain -ignoreCase true')

  • Jython list: AdminTask.configureAppLocalOSUserRegistry(['-securityDomainName', 'testDomain'])

    AdminTask.configureAppLocalOSUserRegistry(['-securityDomainName', 'testDomain', '-ignoreCase', 'true'])

Interactive mode example usage

  • Jython: AdminTask.configureAppLocalOSUserRegistry('-interactive')


configureAppWIMUserRegistry

Configure federated repository user registries in a security domain.

This command is not supported in a local mode.

Target object: None.

Required parameters:

    -securityDomainName Name of the security configuration. (String)

Optional parameters:

    -realmName Realm of the user registry. The system automatically generates a realm name if we do not specify a value for the -realmName parameter. (String)
    -ignoreCase Specifies whether authorization is case-sensitive. Specify true to ignore the case during authorization. (Boolean)
    -verifyRegistry Specifies whether to verify that the user registry configuration is correct. If true, then the system verifies the registry by making a call to the user registry to verify the admin ID. If we specify a server ID and password, then the system verifies the user and password with the user registry. Set the parameter to false to store the attributes in the configuration without validation. The command verifies the registry configuration by default. (Boolean)
    -customProperties Comma separated list of quoted attribute and value pairs the system stores as custom properties on the user registry object. For example, use the format: "attr1=value1","attr2=value2" (String)
    -useGlobalFederatedRepository Specifies whether to use the same instance of federated repository for the domain as is defined in the global domain. Specify true to use the same instance as defined in the global domain. (Boolean)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.configureAppWIMUserRegistry('-securityDomainName testDomain -realmName testRealm')

  • Jython list: AdminTask.configureAppWIMUserRegistry(['-securityDomainName', 'testDomain', '-realmName', 'testRealm'])

Interactive mode example usage

  • Jython: AdminTask.configureAppWIMUserRegistry('-interactive')


getLTPATimeout

Display the number of seconds the system waits before the LTPA request reaches timeout.

Target object: None.

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)

Return value.

Return the number of seconds that the server waits before the LTPA request is cancelled.

Batch mode example usage

  • Jython string: AdminTask.getLTPATimeout('-securityDomainName testDomain')

  • Jython list: AdminTask.getLTPATimeout(['-securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.getLTPATimeout('-interactive')


setLTPATimeout

Set the amount of time the system waits before the LTPA request becomes invalid.

Target object None.

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration. (String)
    -timeout Amount of time, in seconds, before the request times out. (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.setLTPATimeout('-timeout 120')

  • Jython list: AdminTask.setLTPATimeout(['-timeout', '120'])

Interactive mode example usage

  • Jython: AdminTask.setLTPATimeout('-interactive')


getUserRegistryInfo

Display information about a user registry in a security domain or in the global security configuration. If we do not specify a value for the -userRegistryType parameter, the command returns the active user registry information.

Target object: None.

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)
    -userRegistryType Type of user registry. Specify LDAPUserRegistry for LDAP user registries. Specify WIMUserRegistry for federated repository user registries. Specify CustomUserRegistry for custom user registries. Specify LocalOSUserRegisty for local operating system user registries. (String)

Return value.

The command returns configuration information in the form of attribute and value pairs for the user registry object of interest.

Batch mode example usage

  • Jython string: AdminTask.getUserRegistryInfo('-securityDomainName testDomain -userRegistryType LDAPUserRegistry')

  • Jython list: AdminTask.getUserRegistryInfo(['-securityDomainName', 'testDomain', '-userRegistryType', 'LDAPUserRegistry'])

Interactive mode example usage

  • Jython: AdminTask.getUserRegistryInfo('-interactive')


unconfigureUserRegistry

Modify the user registry. For a global security configuration, the command reduces the user registry to the minimum registry values. For application-level security, the command removes the user registry from the security domain of interest.

Target object: None.

Required parameters:

    -userRegistryType Type of user registry. Specify LDAPUserRegistry for LDAP user registries. Specify WIMUserRegistry for federated repository user registries. Specify CustomUserRegistry for custom user registries. Specify LocalOSUserRegisty for local operating system user registries. (String)

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.unconfigureUserRegistry('-userRegistryType WIMUserRegistry -securityDomainName testDomain')

  • Jython list: AdminTask.unconfigureUserRegistry(['-userRegistryType', 'WIMUserRegistry', '-securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.unconfigureUserRegistry('-interactive')


configureJAASLoginEntry

Configure a JAAS login entry in a security domain or in the global security configuration. Use this command to modify existing JAAS login entries or to create new login entries.

Target object None.

Required parameters:

    -loginType Type of JAAS login entry of interest. Specify system for the system login type or application for the application login type. (String)
    -loginEntryAlias Specifies an alias that identifies the JAAS login entry in the configuration. (String)

Optional parameters:

    -securityDomainName Name of the security configuration. If we do not specify a security domain name, the system updates the global security configuration. (String)
    -loginModules Comma (,) separated list of login module class names. Specify the list in the order the system calls them. (String)
    -authStrategies Comma-separated list of authentication strategies that sets the authentication behavior as authentication proceeds down the list of login modules. Specify one authentication strategy for each login module. (String)

    Specify one or many of the following values in a comma (,) separated list:

    • REQUIRED

      That the LoginModule module is required to succeed. Whether authentication succeeds or fails, the process still continues down the LoginModule list for each realm.

    • REQUISITE

      That the LoginModule module is required to succeed. If authentication is successful, the process continues down the LoginModule list in the realm entry. If authentication fails, control immediately returns to the application. Authentication does not proceed down the LoginModule list.

    • SUFFICIENT

      That the LoginModule module is not required to succeed. If authentication succeeds, control immediately returns to the application. Authentication does not proceed down the LoginModule list. If authentication fails, the process continues down the list.

    • OPTIONAL

      That the LoginModule module is not required to succeed. Whether authentication succeeds or fails, the process still continues down the LoginModule list.

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.configureJAASLoginEntry('[-loginType application -loginEntryAlias JAASLoginEntry1 -authStrategies " REQUIRED,REQUISITE"]')

  • Jython list: AdminTask.configureJAASLoginEntry(['-loginType', 'application', '-loginEntryAlias', 'JAASLoginEntry1', '-authStrategies', 'REQUIRED,REQUISITE'])

Interactive mode example usage

  • Jython: AdminTask.configureJAASLoginEntry('-interactive')


configureLoginModule

Modify an existing login module or creates a new login module on an existing JAAS login entry in the global security configuration or in a security domain.

Target object: None.

Required parameters:

    -loginType Type of JAAS login entry of interest. Specify system for the system login type or application for the application login type. (String)
    -loginEntryAlias Specifies an alias that identifies the JAAS login entry in the configuration. (String)
    -loginModule Name of the login module. (String)

Optional parameters:

    -newModule That we want a new login module to have the same class name as a previously configured login module. (Boolean)

    For example, if we issued the following command to configure a login module for a given login entry: wsadmin>AdminTask.configureLoginModule('-loginType application -loginEntryAlias TestLogin -loginModule com.ibm.ws.security.common.auth.module.WSClientLoginModuleImpl')

    We can issue the following command to configure another login module with the same class name:

    wsadmin>AdminTask.configureLoginModule('-loginType application -loginEntryAlias TestLogin -loginModule com.ibm.ws.security.common.auth.module.WSClientLoginModuleImpl' -newModule true')

    The login entry now contains two login modules that use the same class name.

    -modifyModule That we want multiple login modules with the same class name to be modified. (Integer)

    For example, if we issued the following command:

    wsadmin>AdminTask.configureLoginModule('-loginType application -loginEntryAlias TestLogin -loginModule com.ibm.ws.security.common.auth.module.WSClientLoginModul eImpl -modifyModule 2 -authStrategy OPTIONAL')

    The second login module in the TestLogin entry is modified with the OPTIONAL flag.

    -securityDomainName Name of the security configuration. (String)
    -useLoginModuleProxy That the JAAS loads the login module proxy class. JAAS then delegates calls to the login module classes defined in the Module class name field. Specify true to use the login module proxy. (Boolean)
    -authStrategy Authentication behavior as authentication proceeds down the list of login modules. (String)

    Specify one of the following values:

    • REQUIRED

      That the LoginModule module is required to succeed. Whether authentication succeeds or fails, the process still continues down the LoginModule list for each realm.

    • REQUISITE

      That the LoginModule module is required to succeed. If authentication is successful, the process continues down the LoginModule list in the realm entry. If authentication fails, control immediately returns to the application. Authentication does not proceed down the LoginModule list.

    • SUFFICIENT

      That the LoginModule module is not required to succeed. If authentication succeeds, control immediately returns to the application. Authentication does not proceed down the LoginModule list. If authentication fails, the process continues down the list.

    • OPTIONAL

      That the LoginModule module is not required to succeed. Whether authentication succeeds or fails, the process still continues down the LoginModule list.

    -customProperties Comma separated list of quoted attribute and value pairs the system stores as custom properties on the user registry object. For example, use the format: ["attr1=value1","attr2=value2"] (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.configureLoginModule('-loginType application -loginEntryAlias JAASLoginEntry1 -loginModule class1')

  • Jython list: AdminTask.configureLoginModule(['-loginType', 'application', '-loginEntryAlias', 'JAASLoginEntry1', '-loginModule', 'class1'])

Interactive mode example usage

  • Jython: AdminTask.configureLoginModule('-interactive')


getJAASLoginEntryInfo

Display configuration for a specific JAAS login entry.

Target object: None.

Required parameters:

    -loginType Type of JAAS login entry of interest. Specify system for the system login type or application for the application login type. (String)
    -loginEntryAlias Specifies an alias that identifies the JAAS login entry in the configuration. (String)

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)

Return value.

The command returns an attribute list containing configuration information for the JAAS login entry of interest.

Batch mode example usage

  • Jython string: AdminTask.getJAASLoginEntryInfo('-loginType application -loginEntryAlias JAASLoginEntry -securityDomainName testDomain')

  • Jython list: AdminTask.getJAASLoginEntryInfo(['-loginType', 'application', '-loginEntryAlias', 'JAASLoginEntry', '-securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.getJAASLoginEntryInfo('-interactive')


listJAASLoginEntries

Display each defined JAAS login modules for given type in a security domain or the global security configuration.

Target object: None.

Required parameters:

    -loginType Type of JAAS login entry of interest. Specify system for the system login type or application for the application login type. (String)

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)

Return value.

The command returns an array of attribute lists that contain the login entries for the login type of interest.

Batch mode example usage

  • Jython string: AdminTask.listJAASLoginEntries('-loginType application -securityDomainName testDomain')

  • Jython list: AdminTask.listJAASLoginEntries(['-loginType', 'application','-securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.listJAASLoginEntries('-interactive')


listLoginModules

Display the class names and associated options for a specific JAAS login module in a security domain or in the global security configuration.

Target object: None.

Required parameters:

    -loginType Type of JAAS login entry of interest. Specify system for the system login type or application for the application login type. (String)
    -loginEntryAlias Specifies an alias that identifies the JAAS login entry in the configuration. (String)

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)

Return value.

The command returns an array containing the login modules in a specific login entry.

Batch mode example usage

  • Jython string: AdminTask.listLoginModules('-loginType system -loginEntryAlias JAASLoginEntry')

  • Jython list: AdminTask.listLoginModules(['-loginType', 'system', '-loginEntryAlias', 'JAASLoginEntry'])

Interactive mode example usage

  • Jython: AdminTask.listLoginModules('-interactive')


unconfigureJAASLoginEntry

Remove a JAAS login entry from the global security configuration or a security domain. We cannot remove all login entries. The command returns an error if it cannot remove the login entry of interest.

Target object None.

Required parameters:

    -loginType Type of JAAS login entry of interest. Specify system for the system login type or application for the application login type. (String)
    -loginEntryAlias Specifies an alias that identifies the JAAS login entry in the configuration. (String)

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.unconfigureJAASLoginEntry('-loginType application -loginEntryAlias myLoginEntry')

  • Jython list: AdminTask.unconfigureJAASLoginEntry(['-loginType', 'application', '-loginEntryAlias', 'myLoginEntry'])

Interactive mode example usage

  • Jython: AdminTask.unconfigureJAASLoginEntry('-interactive')


unconfigureLoginModule

Remove a login module class from a login module entry.

Target object: None.

Required parameters:

    -loginType Type of JAAS login entry of interest. Specify system for the system login type or application for the application login type. (String)
    -loginEntryAlias Specifies an alias that identifies the JAAS login entry in the configuration. (String)
    -loginModule Name of the login module class to remove from the configuration. (String)

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.unconfigureLoginModule('-loginType system -loginEntryAlias systemLoginEntry -loginModule moduleClass')

  • Jython list: AdminTask.unconfigureLoginModule(['-loginType', 'system', '-loginEntryAlias', 'systemLoginEntry', '-loginModule', 'moduleClass'])

Interactive mode example usage

  • Jython: AdminTask.unconfigureLoginModule('-interactive')


createAuthDataEntry

Create an authentication data entry for a J2EE Connector architecture (J2C) connector in the global security or security domain configuration.

By default when configuring authentication data entries in Global security, the node name is added to the name of the entry. To stop the node name from being added, the com.ibm.websphere.security.JAASAuthData.removeNodeNameGlobal security property can be set to true using the setAdminActiveSecuritySettings task.

Target object: None.

Required parameters:

    -alias Name that uniquely identifies the authentication data entry. (String)
    -user J2C authentication data user ID. (String)
    -password Password to use for the target enterprise information system (EIS). (String)

Optional parameters:

    -securityDomainName Name of the security domain configuration. If not specified the command uses the global security configuration. (String)
    -description Description of the authentication data entry. (String)

Return value.

The command returns the object name of the new authentication data entry object.

Batch mode example usage

  • Jython string: AdminTask.createAuthDataEntry('-alias dataEntry1 -user userID -password userIDpw')

  • Jython list: AdminTask.createAuthDataEntry(['-alias', 'dataEntry1', '-user', 'userID', '-password', 'userIDpw'])

Interactive mode example usage

  • Jython: AdminTask.createAuthDataEntry('-interactive')


deleteAuthDataEntry

Remove an authentication data entry for a J2C connector in a global security or security domain configuration.

Target object: None.

Required parameters:

    -alias Name that uniquely identifies the authentication data entry. (String)

Optional parameters:

    -securityDomainName Name of the security domain configuration. If not specified the command uses the global security configuration. (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.deleteAuthDataEntry('-alias dataEntry1')

  • Jython list: AdminTask.deleteAuthDataEntry(['-alias', 'dataEntry1'])

Interactive mode example usage

  • Jython: AdminTask.deleteAuthDataEntry('-interactive')


getAuthDataEntry

Display information about an authentication data entry for the J2C connector in the global security configuration or for a specific security domain.

Target object None.

Required parameters:

    -alias Name that uniquely identifies the authentication data entry. (String)

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)

Return value.

The command returns an attribute list containing the authentication data entry attributes and values.

Batch mode example usage

  • Jython string: AdminTask.getAuthDataEntry('-alias authDataEntry1 -securityDomainName testDomain')

  • Jython list: AdminTask.getAuthDataEntry(['-alias', 'authDataEntry1', '-securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.getAuthDataEntry('-interactive')


listAuthDataEntries

Display each authentication data entry in the global security configuration or in a security domain.

Target object: None.

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)

Return value.

The command returns an array of attribute lists for each authentication data entry.

Batch mode example usage

  • Jython string: AdminTask.listAuthDataEntries('-securityDomainName testDomain')

  • Jython list: AdminTask.listAuthDataEntries(['-securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.listAuthDataEntries('-interactive')


modifyAuthDataEntry

Modify an authentication data entry for a J2C connector in the global security or security domain configuration.

Target object: None.

Required parameters:

    -alias Name that uniquely identifies the authentication data entry. (String)

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)
    -user J2C authentication data user ID. (String)
    -password Password to use for the target enterprise information system (EIS). (String)
    -description Description for the authentication data entry. (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.modifyAuthDataEntry('-alias dataEntry1 -user userID1 -password newPassword')

  • Jython list: AdminTask.modifyAuthDataEntry(['-alias', 'dataEntry1', '-user', 'userID1', '-password', 'newPassword'])

Interactive mode example usage

  • Jython: AdminTask.modifyAuthDataEntry('-interactive')


clearAuthCache

Purge the entire security authentication cache of the associated security domain.

Target object None.

Optional parameters:

    -securityDomainId Unique identifier for the security domain. If no security domain ID is specified, the authentication cache of the admin domain is cleared. (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.clearAuthCache('-securityDomainId descurity_domain_id')

  • Jython list: AdminTask.clearAuthCache(['-securityDomainId', 'security_domain_id', '-user', 'userID1', '-password', 'newpassword'])

Interactive mode example usage

  • Jython: AdminTask.clearAuthCache('-interactive')


purgeUserFromAuthCache

Remove a user from the security authentication cache associated with a security domain.

The purgeUserFromAuthCache command does not log the user out of an already established application session.

Target object None.

Required parameters:

Optional parameters:

    -securityDomainID Unique identifier of the security domain. If no security domain ID is specified, the authentication cache of admin domain is cleared. (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.purgeUserFromAuthCache('-user userID1 -securityDomainId security_domain_id')

  • Jython list: AdminTask.purgeUserFromAuthCache(['-user' 'userID1 ', 'securityDomainId', 'security_domain_id1', '-user', 'userID2', '-password', 'newPassword'])

Interactive mode example usage

  • Jython: AdminTask.purgeUserFromAuthCache('-interactive')


configureCSIInbound

Configure CSIv2 inbound authentication on a security domain or on the global security configuration. When configuring CSI inbound authentication in a security domain for the first time, the CSI objects are copied from global security so any changes to that configuration are applied.

Target object: None.

Optional parameters:

    -securityDomainName Name of the security configuration. If one is not provided the task will work on the global security user registry configuration. (String)
    -messageLevelAuth Specifies whether clients connecting to this server must specify a user ID and password. Specify Never to disable the user ID and password requirement. Specify Supported to accept a user ID and password. Specify Required to require a user ID and password. (String)
    -supportedAuthMechList Authentication mechanism to use. Specify KRB5 for Kerberos authentication, LTPA for Lightweight Third-Party Authentication, BasicAuth for BasicAuth authentication, and custom to use our own authentication token implementation. We can specify more then one in a space-separated list. (String)
    -clientCertAuth Specifies whether a client that connects to the server must connect using an SSL certificate. Specify Never to allow clients to connect without SSL certificates. Specify Supported to accept clients connecting with and without SSL certificates. Specify Required to require clients to use SSL certificate. (String)
    -transportLayer Transport layer support level. Specify Never to disable transport layer support. Specify Supported to enable transport layer support. Specify Required to require transport layer support. (String)
    -sslConfiguration The SSL configuration alias to use for inbound transport. (String)
    -enableIdentityAssertion Enable identity assertion. When using the identity assertion authentication method, the security token generated is a <wsse:UsernameToken> element containing a <wsse:Username> element. Specify true for the -enableIdentityAssertion parameter to enable identity assertion. (Boolean)
    -trustedIdentities List of trusted server identities, separated by the pipe character (|). To specify a null value, set the value of the -trustedIdentities parameter as an empty string (""). (String)
    -statefulSession Enable a stateful session. Specify true to enable a stateful session. (Boolean)
    -enableAttributePropagation Enable security attribute propagation. Security attribute propagation allows the application server to transport authenticated Subject contents and security context information from one server to another in the configuration. Specify true to enable security attribute propagation. (Boolean)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.configureCSIInbound('[-securityDomainName testDomain -messageLevelAuth Required -supportedAuthMechList "KRB5 LTPA"]')

  • Jython list: AdminTask.configureCSIInbound(['-securityDomainName', 'testDomain', '-messageLevelAuth', 'Required', '-supportedAuthMechList', 'KRB5 LTPA'])

Interactive mode example usage

  • Jython: AdminTask.configureCSIInbound('-interactive')


configureCSIOutbound

Configure the CSIv2 outbound authentication in a security domain or in the global security configuration. When configuring CSI Outbound in a security domain for the first time, the application server copies the CSI objects from global security. Then, the application server applies the changes to that configuration from the command.

Target object: None.

Optional parameters:

    -securityDomainName Name of the security configuration. (String)
    -enableAttributePropagation Enable security attribute propagation. Security attribute propagation allows the application server to transport authenticated Subject contents and security context information from one server to another in the configuration. Specify true to enable security attribute propagation. (Boolean)
    -enableIdentityAssertion Enable identity assertion. When using the identity assertion authentication method, the security token generated is a <wsse:UsernameToken> element containing a <wsse:Username> element. Specify true for the -enableIdentityAssertion parameter to enable identity assertion. (Boolean)
    -useServerIdentity Specifies whether to use the server identity to establish trust with the target server. Specify true to use the server identity. (Boolean)
    -trustedId Trusted identity that the application server uses to establish trust with the target server. (String)
    -trustedIdentityPassword Password of the trusted server identity. (String)
    -messageLevelAuth Specifies whether clients connecting to this server must specify a user ID and password. Specify includeNever to disable the user ID and password requirement. Specify Supported to accept a user ID and password. Specify Required to require a user ID and password. (String)
    -supportedAuthMechList Authentication mechanism to use. Specify KRB5 for Kerberos authentication, LTPA for Lightweight Third-Party Authentication, BasicAuth for BasicAuth authentication, and custom to use our own authentication token implementation. We can specify more then one in a space-separated list. (String)
    -clientCertAuth Specifies whether a client that connects to the server must connect using an SSL certificate. Specify Never to allow clients to connect without SSL certificates. Specify Supported to accept clients connecting with and without SSL certificates. Specify Required to require clients to use SSL certificate. (String)
    -transportLayer Transport layer support level. Specify Never to disable transport layer support. Specify Supported to enable transport layer support. Specify Required to require transport layer support. (String)
    -sslConfiguration The SSL configuration alias to use for inbound transport. (String)
    -statefulSession Enable a stateful session. Specify true to enable a stateful session. (Boolean)
    -enableOutboundMapping Enable custom outbound identity mapping. Specify true to enable custom outbound identity mapping. (Boolean)
    -trustedTargetRealms List of target realms to trust. Separate each realm name with the pipe character (|). (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.configureCSIOutbound('-securityDomainName testDomain -useServerIdentity true -messageAuthLevel Supported')

  • Jython list: AdminTask.configureCSIOutbound(['-securityDomainName', 'testDomain', '-useServerIdentity', 'true', '-messageAuthLevel', 'Supported'])

Interactive mode example usage

  • Jython: AdminTask.configureCSIOutbound('-interactive')


getCSIInboundInfo

Display information about the Common Secure Interoperability (CSI) inbound settings for the global security configuration or for a security domain.

Target object: None.

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)
    -displayModel Output format of the configuration information. Specify true to return an attribute list of the model. Specify false to display an attribute of the value used to create the object. (Boolean)

Return value.

The command returns an attribute list of the attributes and values of the CSI inbound object.

Batch mode example usage

  • Jython string: AdminTask.getCSIInboundInfo('-securityDomainName testDomain')

  • Jython list: AdminTask.getCSIInboundInfo(['-securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.getCSIInboundInfo('-interactive')


getCSIOutboundInfo

Display information for the CSI outbound settings for the global security configuration or for a security domain.

Target object: None.

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)
    -displayModel Output format of the configuration information. Specify true to return an attribute list of the model. Specify false to display an attribute of the value used to create the object. (Boolean)

Return value.

The command returns an attribute list containing the attributes and values of the CSI outbound configuration.

Batch mode example usage

  • Jython string: AdminTask.getCSIOutboundInfo('-securityDomainName testDomain')

  • Jython list: AdminTask.getCSIOutboundInfo(['-securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.getCSIOutboundInfo('-interactive')


unconfigureCSIInbound

Remove the CSI inbound information from a security domain.

Target object: None.

Required parameters:

    -securityDomainName Name of the security configuration. (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.unconfigureCSIInbound('-securityDomainName testDomain')

  • Jython list: AdminTask.unconfigureCSIInbound(['securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.unconfigureCSIInbound('-interactive')


unconfigureCSIOutbound

Removes the CSI outbound information from a security domain.

Target object: None.

Required parameters:

    -securityDomainName Name of the security configuration. (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.unconfigureCSIOutbound('-securityDomainName testDomain')

  • Jython list: AdminTask.unconfigureCSIOutbound(['-securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.unconfigureCSIOutbound('-interactive')


configureInterceptor

Modify an existing interceptor or creates an interceptor if one does not exist.

Target object None.

Required parameters:

Optional parameters:

    -securityDomainName Name of the security domain. If we do not specify a security domain, the command assigns the global security configuration. (String)
    -customProperties Comma separated list of quoted attribute and value pairs the system stores as custom properties on the user registry object. For example, use the format: "attr1=value1","attr2=value2" (String)

Return value. The command does not return output.

Batch mode example usage

Interactive mode example usage

  • Jython: AdminTask.configureInterceptor('-interactive')


configureTrustAssociation

Enable or disable the trust association. If the security domain does not have a trust association defined, the application server copies each trust association and its interceptors from the global security configuration.

Target object None.

Optional parameters:

    -securityDomainName Name of the security configuration. (String)
    -enable Enable trust association to act as a reverse proxy server. (Boolean)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.configureTrustAssociation('-securityDomainName testDomain -enable true')

  • Jython list: AdminTask.configureTrustAssociation(['-securityDomainName', 'testDomain', '-enable', 'true'])

Interactive mode example usage

  • Jython: AdminTask.configureTrustAssociation('-interactive')


getTrustAssociationInfo

Display configuration information for trust association.

Target object: None.

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)

Return value.

The command returns an attribute list containing attributes and values for trust association.

Batch mode example usage

  • Jython string: AdminTask.getTrustAssociationInfo('-securityDomainName testDomain')

  • Jython list: AdminTask.getTrustAssociationInfo(['-securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.getTrustAssociationInfo('-interactive')


listInterceptors

Display the trust association interceptors configured in the global security or security domain configuration.

Target object: None.

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)

Return value.

Return an array list of each interceptor and the associated custom properties.

Batch mode example usage

  • Jython string: AdminTask.listInterceptors('-securityDomainName testDomain')

  • Jython list: AdminTask.listInterceptors(['securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.listInterceptors('-interactive')


unconfigureInterceptor

Remove a trust association interceptor from the global security configuration or from a security domain.

Target object: None.

Required parameters:

Optional parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)

Return value. The command does not return output.

Batch mode example usage

Interactive mode example usage

  • Jython: AdminTask.unconfigureInterceptor('-interactive')


unconfigureTrustAssociation

Remove the trust association object from a security domain.

Target object: None.

Required parameters:

    -securityDomainName Name of the security configuration. (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.unconfigureTrustAssociation('-securityDomainName testDomain')

  • Jython list: AdminTask.unconfigureTrustAssociation(['-securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.unconfigureTrustAssociation('


applyWizardSettings

Can be used to automate the global security configuration.

Target object: None.

Optional parameters:

    -secureApps To secure applications.
    -secureLocalResources To secure local resources such as data sets and MVS™ commands.
    -userRegistryType Specifies whether the user is a user, a group, or a group member.
    -ldapServerType Type of LDAP server being used used. The default is IDS51. Specify one of the following valid values:

    • IBM_DIRECTORY_SERVER
    • IPLANET
    • NETSCAPE
    • NDS
    • DOMINO502
    • SECUREWAY
    • ACTIVE_DIRECTORY
    • CUSTOM

    -ldapHostName LDAP host name.
    -ldapPort LDAP port name.
    -ldapBaseDN LDAP base dynamic member attribute.
    -ldapBindDN Dynamically updates LDAP binding information.
    -ldapBindPassword Dynamically updates LDAP binding password information.
    -adminName Refers to the name of an administrator account on the remote target machine.

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.applyWizardSettings('[-secureApps true -secureLocalResources false -userRegistryType LDAPUserRegistry -ldapServerType IBM_DIRECTORY_SERVER -ldapHostName '+ldapServer+' -ldapPort 389 -ldapBaseDN o=ibm,c=us -ldapBindDN cn=root -ldapBindPassword a1x4meok -adminName '+adminUsername+' ]'))


configureAuthzConfig

Configure an external Java Authorization Contract for Containers (JACC) authorization provider in a security domain or the global security configuration.

Target object: None.

Optional parameters:

    -securityDomainName Name of the security configuration. (String)
    -useJACCProvider Specifies whether to use a JACC provider. Specify true to use a JACC provider. (Boolean)
    -name Name of the JACC provider to use. (String)
    -description Description of the JACC provider. (String)
    -j2eePolicyImplClassName Class name of an implementation class that represents the javax.security.jacc.policy.provider property according to the specification. (String)
    -policyConfigurationFactoryImplClassName Class name of an implementation class that represents the javax.security.jacc.PolicyConfigurationFactory.provider property. (String)
    -roleConfigurationFactoryImplClassName Class name of an implementation class that implements the com.ibm.wsspi.security.authorization.RoleConfigurationFactory interface. (String)
    -requiresEJBArgumentsPolicyContextHandler Specifies whether policy providers require the Enterprise JavaBeans arguments policy context handler to make access decisions. Specify true to enable this option. (Boolean)
    -initializeJACCProviderClassName Class name of an implementation class that implements the com.ibm.wsspi.security.authorization.IntializeJACCProvider interface.(String)
    -supportsDynamicModuleUpdates Specifies whether the provider supports dynamic changes to the web modules. Specify true to enable this option. (Boolean)
    -customProperties Comma separated list of quoted attribute and value pairs the system stores as custom properties on the user registry object. For example, use the format: "attr1=value1","attr2=value2" (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.configureAuthzConfig('[-securityDomainName testDomain -useJACCProvider true -name testProvider -description "JACC provider for testing"]')

  • Jython list: AdminTask.configureAuthzConfig(['-securityDomainName', 'testDomain', '-useJACCProvider', 'true', '-name', 'testProvider', '-description', 'JACC provider for testing'])

Interactive mode example usage

  • Jython: AdminTask.configureAuthzConfig('-interactive')


configureSingleSignon

Configure a single sign-on object in global security.

Target object: None.

Optional parameters:

    -enable Enable single sign-on. Specify true to enable single sign-on, or false to disable single sign-on. (Boolean)
    -requiresSSL Specifies whether single sign-on requests send through HTTPS. Specify true to enable this option. (Boolean)
    -domainName Domain name containing a set of hosts to which the single sign-on applies. (String)
    -interoperable Specifies interoperability options. Specify true to send an interoperable cookie to the browser to support back-level servers. Specify false disable the sending of interoperable cookies. (Boolean)
    -attributePropagation Enable inbound security attribute propagation. Specify true to enable web inbound security attribution propagation. Specify false to use the single sign-on token to log in and recreate the Subject from the user registry. (Boolean)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.configureSingleSignon('-enable true -domainName mycompany.com')

  • Jython list: AdminTask.configureSingleSignon(['-enable', 'true', '-domainName', 'mycompany.com'])

Interactive mode example usage

  • Jython: AdminTask.configureSingleSignon('-interactive')


getActiveSecuritySettings

Display the active security settings for global security or a specific security domain.

Target object: None.

Optional parameters:

    -securityDomainName Name of the security domain configuration. If not specified the command uses the global security configuration (String)

Return value.

The command returns the active security settings for the security domain of interest or the global security configuration, which includes the following settings:

  • cacheTimeout
  • issuePermissionWarning
  • activeAuthMechanism
  • enforceJava2Security
  • appSecurityEnabled
  • enableGlobalSecurity (global security only)
  • adminPreferredAuthMech (global security only)
  • activeAuthMechanism (global security only)
  • activeUserRegistry
  • enforceFineGrainedJCASecurity
  • dynUpdateSSLConfig (global security only)
  • useDomainQualifiedUserNames
  • customProperties

Batch mode example usage

  • Jython string: AdminTask.getActiveSecuritySettings('-securityDomainName testDomain')

  • Jython list: AdminTask.getActiveSecuritySettings(['-securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.getActiveSecuritySettings('-interactive')


getAuthzConfigInfo

Display information about an external JACC authorization provider in a security domain or the global security configuration.

Target object: None.

Optional parameters:

    -securityDomainName Name of the security domain configuration. If not specified the command uses the global security configuration (String)

Return value.

The command returns an attribute list containing the attributes and values associated with the JACC authorization provider.

Batch mode example usage

  • Jython string: AdminTask.getAuthzConfigInfo('-securityDomainName testDomain')

  • Jython list: AdminTask.getAuthzConfigInfo(['-securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.getAuthzConfigInfo('-interactive')


getSingleSignon

Display configuration information about the single sign-on object as defined in the global security configuration.

Target object: None.

Optional parameters: None.

Return value.

The command returns an attribute list containing the attributes and values of the single sign-on configuration.

Batch mode example usage

  • Jython: AdminTask.getSingleSignon()

Interactive mode example usage

  • Jython: AdminTask.getSingleSignon('-interactive')


isSAFVersionValidForIdentityMapping

Return a Boolean indicating if the z/OS security product supports SAF identity mapping. The command returns false on distributed platforms. The server that the wsadmin client is connected to must be active when issuing this command.

Target object: None.

Optional parameters: None.

Return value.

The command returns a Boolean indicating if the z/OS security product supports SAF identity mapping. The command returns false on all platforms other than z/OS.

Example usage

AdminTask.isSAFVersionValidForIdentityMapping()


setAdminActiveSecuritySettings

Set the active security settings on the global security object.

To set the security settings for a security domain, see the setAppActiveSecuritySettings command.

Target object: None.

Optional parameters:

    -enableGlobalSecurity Enable global security. Specify true to enable global security, or specify false to disable global security. (Boolean)
    -cacheTimeout Amount of time, in seconds, before authentication data becomes invalid. (Integer)
    -issuePermissionWarning Specifies whether to issue a warning during application installation if the application requires security permissions. Specify true to enable the warning notification, or specify false to disable the warning notification. (Boolean)
    -enforceJava2Security Enable Java EE security. Specify true to enable Java EE security permissions checking, or specify false to disable Java EE security. (Boolean)
    -enforceFineGrainedJCASecurity Restrict application access. Specify true to restrict application access to sensitive Java EE Connector Architecture (JCA) mapping authentication data. (Boolean)
    -appSecurityEnabled Enable application-level security. Specify true to enable application level security, or specify false to disable application-level security. (Boolean)
    -dynUpdateSSLConfig Specifies whether to dynamically update SSL configuration changes. Specify true to update SSL configuration changes dynamically, or specify false to update the SSL configuration when the server starts. (Boolean)
    -activeAuthMechanism Active authentication mechanism. Specify LTPA for LTPA authentication, KRB5 for Kerberos authentication, or RSAToken for RSA token authorization. (String)
    -adminPreferredAuthMech Preferred authentication mechanism. Specify LTPA for LTPA authentication, KRB5 for Kerberos authentication, or RSAToken for RSA token authorization. (String)
    -activeUserRegistry Active user registry for the server. (String)

    Specify one of the following values:

      CustomUserRegistry This option enables us to specify a custom user registry as the active user registry for the server.
      LDAPUserRegistry This option enables us to specify an LDAP user registry as the active user registry for the server.
      LocalOSUserRegistry This option enables us to specify the local operating system user registry as the active user registry for the server.
      WIMUserRegistry This option enables us to specify a federated repository as the active user registry for the server.
    -useDomainQualifiedUserNames Type of user name to use. Specify true to use domain qualified user names, or specify false to use the short name. (Boolean)
    -customProperties Comma separated list of quoted attribute and value pairs the system stores as custom properties on the user registry object. For example, use the format: "attr1=value1","attr2=value2" (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.setAdminActiveSecuritySettings('-enableGlobalSecurity true -cacheTimeout 300 -enforceJava2Security true -appSecurityEnabled true -activeUserRegistry LDAPUserRegistry')

  • Jython list: AdminTask.setAdminActiveSecuritySettings(['-enableGlobalSecurity', 'true', '-cacheTimeout', '300', '-enforceJava2Security', 'true', '-appSecurityEnabled', 'true' '-activeUserRegistry', 'LDAPUserRegistry])

Interactive mode example usage

  • Jython: AdminTask.setAdminActiveSecuritySettings('-interactive')


setAppActiveSecuritySettings

Set the active security settings on a security domain.

To set the security settings for global security, see the setAdminActiveSecuritySettings command.

Target object: None.

Required parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)

Optional parameters:

    -cacheTimeout Amount of time, in seconds, before authentication data becomes invalid. (Integer)
    -issuePermissionWarning Specifies whether to issue a warning during application installation if the application requires security permissions. Specify true to enable the warning notification, or specify false to disable the warning notification. (Boolean)
    -enforceJava2Security Enable Java EE security. Specify true to enable Java EE security permissions checking, or specify false to disable Java EE security. (Boolean)
    -enforceFineGrainedJCASecurity Restrict application access. Specify true to restrict application access to sensitive Java EE Connector Architecture (JCA) mapping authentication data. (Boolean)
    -appSecurityEnabled Enable application-level security. Specify true to enable application level security, or specify false to disable application-level security. (Boolean)
    -activeUserRegistry Active user registry for the server. (String)
    -useDomainQualifiedUserNames Type of user name to use. Specify true to use domain qualified user names, or specify false to use the short name. (Boolean)
    -customProperties Comma separated list of quoted attribute and value pairs the system stores as custom properties on the user registry object. For example, use the format: "attr1=value1","attr2=value2" (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.setAppActiveSecuritySettings('-securityDomainName testDomain -issuePermissionWarning false -enforceFineGrainedJCASecurity true')

  • Jython list: AdminTask.setAppActiveSecuritySettings(['-securityDomainName', 'testDomain', '-issuePermissionWarning', 'false', '-enforceFineGrainedJCASecurity', 'true'])

Interactive mode example usage

  • Jython: AdminTask.setAppActiveSecuritySettings('-interactive')


unconfigureAuthzConfig

Remove an external JACC authorization provider from the global security configuration or a security domain.

Target object: None.

Required parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.unconfigureAuthzConfig('-securityDomainName testDomain')

  • Jython list: AdminTask.unconfigureAuthzConfig(['-securityDomainName', 'testDomain'])

Interactive mode example usage

  • Jython: AdminTask.unconfigureAuthzConfig('-interactive')


unsetAppActiveSecuritySettings

Eemove an attribute from the global security configuration or a security domain.

Target object: None.

Required parameters:

    -securityDomainName Name of the security configuration. If not specified the command uses the global security configuration (String)

Optional parameters:

    -unsetAppSecurityEnabled Remove the attribute that enables application security. Specify true to remove the attribute. (Boolean)
    -unsetActiveUserRegistry Remove the active user registry attribute. Specify true to remove the attribute. (Boolean)
    -unsetUseDomainQualifiedUserNames Remove the user domain qualified user names attribute. Specify true to remove the attribute. (Boolean)
    -unsetEnforceJava2Security Remove the Java EE security attribute. Specify true to remove the attribute. (Boolean)
    -unsetEnforceFineGrainedJCASecurity Remove the fine-grained JCA security attribute. Specify true to remove the attribute. (Boolean)
    -unsetIssuePermissionWarning Remove the attribute that issues user permission warnings. Specify true to remove the attribute. (Boolean)
    -unsetCacheTimeout Remove the cache timeout attribute. Specify true to remove the attribute. (Boolean)

Return value. The command does not return output.

Batch mode example usage

  • Jython string: AdminTask.unsetAppActiveSecuritySettings('-securityDomainName testDomain -unsetAppSecurityEnabled true -unsetPermissionWarning true')

  • Jython list: AdminTask.unsetAppActiveSecuritySettings(['-securityDomainName', 'testDomain', '-unsetAppSecurityEnabled', 'true', '-unsetPermissionWarning', 'true'])

Interactive mode example usage

  • Jython: AdminTask.unsetAppActiveSecuritySettings('-interactive')

  • Configure multiple security domains using scripting
  • Configure trust association using scripting
  • Configure Common Secure Interoperability authentication using scripting
  • Add a new custom property in a global security configuration or in a security domain configuration
  • Modifying an existing custom property in a global security configuration or in a security domain configuration
  • Deleting an existing custom property in a global security configuration or in a security domain configuration
  • SecurityDomainCommands
  • NamingAuthzCommands
  • SecurityRealmInfoCommands