IdMgrRealmConfig

Use the Jython or Jacl scripting languages to configure federated repositories realms. The commands in the IdMgrRealmConfig group can be used to manage the realm configuration.

The IdMgrRealmConfigcommands include:

• addIdMgrRealmBaseEntry
• createIdMgrRealm
• deleteIdMgrRealm
• deleteIdMgrRealmBaseEntry
• deleteIdMgrRealmDefaultParent
• getIdMgrDefaultRealm
• getIdMgrRepositoriesForRealm
• getIdMgrRealm
• listIdMgrRealms
• listIdMgrRealmBaseEntries
• listIdMgrRealmDefaultParents
• listIdMgrRealmURAttrMappings
• renameIdMgrRealm
• setIdMgrDefaultRealm
• setIdMgrRealmDefaultParent
• setIdMgrRealmURAttrMapping
• updateIdMgrRealm

addIdMgrRealmBaseEntry

Add a base entry to a specific realm configuration and links the realm with the repository.

Target Object

None.

Required parameters:

-name

Name of the realm. (String, required)

-baseEntry

Name of the base entry. (String, optional)

Optional parameters:

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask addIdMgrRealmBaseEntry {-name defaultWIMFileBasedRealm -baseEntry o=sampleFileRepository}

• Use Jython string:
  AdminTask.addIdMgrRealmBaseEntry ('[-name defaultWIMFileBasedRealm -baseEntry o=sampleFileRepository]')

• Use Jython list:
  AdminTask.addIdMgrRealmBaseEntry (['-name', 'defaultWIMFileBasedRealm', '-baseEntry', 'o=sampleFileRepository'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask addIdMgrRealmBaseEntry {-interactive}

• Use Jython string:
  AdminTask.addIdMgrRealmBaseEntry ('[-interactive]')

• Use Jython list:
  AdminTask.addIdMgrRealmBaseEntry (['-interactive'])

createIdMgrRealm

Create a realm configuration.

Target Object

None.

Required parameters:

-name

Name of the realm. (String, required)

Optional parameters:

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-securityUse

Specifies a string that indicates if this virtual realm will be used in security now, later, or never. The default is active. Additional values includes: inactive and nonSelectable. (String, optional)

-delimiter

Delimiter used for this realm. The default is /. (String, optional)

-allowOperationIfReposDown

Specifies whether the system allows a repository operation such as get or search to complete successfully, even if repositories in the realm are down. The default is false. (Boolean, optional)

Even if this parameter is specified, all repositories must be available when we start the server, or the federated repositories will not function properly..

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask createIdMgrRealm {-name realm1 -allowOperationIfReposDown true}

• Use Jython string:
  AdminTask.createIdMgrRealm ('[-name realm1 -allowOperationIfReposDown true]')

• Use Jython list:
  AdminTask.createIdMgrRealm (['-name', 'realm1', '-allowOperationIfReposDown', 'true'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask createIdMgrRealm {-interactive}

• Use Jython string:
  AdminTask.createIdMgrRealm ('[-interactive]')

• Use Jython list:
  AdminTask.createIdMgrRealm (['-interactive'])

deleteIdMgrRealm

Delete the realm configuration specified.

Target Object

None.

Required parameters:

-name

The realm name. (String, required)

Optional parameters:

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask deleteIdMgrRealm {-name realm1}

• Use Jython string:
  AdminTask.deleteIdMgrRealm ('[-name realm1]')

• Use Jython list:
  AdminTask.deleteIdMgrRealm (['-name', 'realm1'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask deleteIdMgrRealm {-interactive}

• Use Jython string:
  AdminTask.deleteIdMgrRealm ('[-interactive]')

• Use Jython list:
  AdminTask.deleteIdMgrRealm (['-interactive'])

deleteIdMgrRealmBaseEntry

Delete a base entry from a realm configuration specified.

The realm must always contain at least one base entry, thus we cannot remove every entry.

Target Object

None.

Required parameters:

-name

Name of the realm. (String, required)

-baseEntry

Name of a base entry. (String, required)

Optional parameters:

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask deleteIdMgrRealmBaseEntry {-name realm1 -baseEntry entry1}

• Use Jython string:
  AdminTask.deleteIdMgrRealmBaseEntry ('[-name realm1 -baseEntry entry1]')

• Use Jython list:
  AdminTask.deleteIdMgrRealmBaseEntry (['-name', 'realm1', '-baseEntry', 'entry1'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask deleteIdMgrRealmBaseEntry {-interactive}

• Use Jython string:
  AdminTask.deleteIdMgrRealmBaseEntry ('[-interactive]')

• Use Jython list:
  AdminTask.deleteIdMgrRealmBaseEntry (['-interactive'])

deleteIdMgrRealmDefaultParent

Delete the mapping of the default parent of an entity type for a realm.

Target Object

None.

Required parameters:

-entityTypeName

Name of a valid supported entity type for which we want to delete the default parent mapping. We can specify an asterisk (*) to delete the default parent mapping for all entity types in the realm. (String, required)

Optional parameters:

-name

Specify a valid realm name for which we want to delete the mapping. If we do not specify the -name parameter, the command deletes the mapping for defaultWIMFileBasedRealm, which is the default realm in the federated repository configuration. (String, optional)

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask deleteIdMgrRealmDefaultParent {-entityTypeName entity_type}

• Use Jython string:
  AdminTask.deleteIdMgrRealmDefaultParent ('[-entityTypeName entity_type]')

• Use Jython list:
  AdminTask.deleteIdMgrRealmDefaultParent (['-entityTypeName', 'entity_type'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask deleteIdMgrRealmDefaultParent {-interactive}

• Use Jython string:
  AdminTask.deleteIdMgrRealmDefaultParent ('[-interactive]')

• Use Jython list:
  AdminTask.deleteIdMgrRealmDefaultParent (['-interactive'])

getIdMgrDefaultRealm

Return the default realm name.

Target Object

None.

Required parameters: None.

Optional parameters:

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask getIdMgrDefaultRealm

• Use Jython string:
  AdminTask.getIdMgrDefaultRealm()

• Use Jython list:
  AdminTask.getIdMgrDefaultRealm()

Interactive mode example usage:

• Use Jacl:
  $AdminTask getIdMgrDefaultRealm {-interactive}

• Use Jython string:
  AdminTask.getIdMgrDefaultRealm ('[-interactive]')

• Use Jython list:
  AdminTask.getIdMgrDefaultRealm (['-interactive'])

getIdMgrRepositoriesForRealm

Return repository specific details for the repositories configured for a specified realm.

Target Object

None.

Required parameters:

-name

Name of the realm. (String, required)

Optional parameters:

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask getIdMgrRepositoriesForRealm {-name realm1}

• Use Jython string:
  AdminTask.getIdMgrRepositoriesForRealm ('[-name realm1]')

• Use Jython list:
  AdminTask.getIdMgrRepositoriesForRealm (['-name', 'realm1'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask getIdMgrRepositoriesForRealm {-interactive}

• Use Jython string:
  AdminTask.getIdMgrRepositoriesForRealm ('[-interactive]')

• Use Jython list:
  AdminTask.getIdMgrRepositoriesForRealm (['-interactive'])

getIdMgrRealm

Return the configuration parameters for the realm specified.

Target Object

None.

Required parameters:

-name

Name of the realm. (String, required)

Optional parameters:

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask getIdMgrRealm {-name realm1}

• Use Jython string:
  AdminTask.getIdMgrRealm ('[-name realm1]')

• Use Jython list:
  AdminTask.getIdMgrRealm (['-name', 'realm1'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask getIdMgrRealm {-interactive}

• Use Jython string:
  AdminTask.getIdMgrRealm ('[-interactive]')

• Use Jython list:
  AdminTask.getIdMgrRealm (['-interactive'])

listIdMgrRealms

Return all of the names of the configured realms.

Target Object

None.

Required parameters: None.

Optional parameters:

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask listIdMgrRealms

• Use Jython string:
  AdminTask.listIdMgrRealms()

• Use Jython list:
  AdminTask.listIdMgrRealms()

Interactive mode example usage:

• Use Jacl:
  $AdminTask listIdMgrRealms {-interactive}

• Use Jython string:
  AdminTask.listIdMgrRealms ('[-interactive]')

• Use Jython list:
  AdminTask.listIdMgrRealms (['-interactive'])

listIdMgrRealmBaseEntries

Return all of the names of the configured realms.

Target Object

None.

Required parameters:

-name

Name of the realm. (String, required)

Optional parameters:

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask listIdMgrRealmBaseEntries {-name realm1}

• Use Jython string:
  AdminTask.listIdMgrRealmBaseEntries ('[-name realm1]')

• Use Jython list:
  AdminTask.listIdMgrRealmBaseEntries (['-name', 'realm1'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask listIdMgrRealmBaseEntries {-interactive}

• Use Jython string:
  AdminTask.listIdMgrRealmBaseEntries ('[-interactive]')

• Use Jython list:
  AdminTask.listIdMgrRealmBaseEntries (['-interactive'])

listIdMgrRealmDefaultParents

List the mapping of the default parent uniqueName for all entity types in a specified realm.

Target Object

None.

Required parameters: None.

Optional parameters:

-name

Specify a valid realm name for which we want to list the mapping. If we do not specify the -name parameter, the command returns the mapping for defaultWIMFileBasedRealm, which is the default realm in the federated repository configuration. (String, optional)

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Return values

The listIdMgrRealmDefaultParents command returns the mapping of each entity type to default parent uniqueName for the specified realm. The results are returned as a Map where the key is entityType and the value is parentUniqueName.

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask listIdMgrRealmDefaultParents {-name realm_name}

• Use Jython string:
  AdminTask.listIdMgrRealmDefaultParents ('[-name realm_name]')

• Use Jython list:
  AdminTask.listIdMgrRealmDefaultParents ((['-name', 'realm_name'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask listIdMgrRealmDefaultParents {-interactive}

• Use Jython string:
  AdminTask.listIdMgrRealmDefaultParents ('[-interactive]')

• Use Jython list:
  AdminTask.listIdMgrRealmDefaultParents (['-interactive'])

listIdMgrRealmURAttrMappings

List the mappings between the user or group attributes for a user registry and the federated repository properties of a specified realm.

Target object: None.

Optional parameters:

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-name

Specify a valid realm name for which we want to list the mapping.

If we do not specify the -name parameter, the listIdMgrRealmURAttrMappings command returns the mapping of the default realm in the federated repository configuration.

(String, optional)

Return values

The listIdMgrRealmURAttrMappings command returns a HashMap containing the following structure:

• The key is the user registry attribute name (URAttrName parameter).

• The value is another HashMap containing the propertyForInput and propertyForOutput as keys and the corresponding mapping as the values.

Sample output.

{userDisplayName={propertyForInput=principalName, propertyForOutput=principalName}, userSecurityName={propertyForInput=principalName, propertyForOutput=principalName}, uniqueUserId={propertyForInput=uniqueName, propertyForOutput=uniqueName}, uniqueGroupId={propertyForInput=uniqueName, propertyForOutput=uniqueName}, groupSecurityName={propertyForInput=cn, propertyForOutput=cn}, groupDisplayName={propertyForInput=cn, propertyForOutput=cn}}

Examples

Batch mode example usage:

• Jacl:
  $AdminTask listIdMgrRealmURAttrMappings

• Jython string:
  AdminTask.listIdMgrRealmURAttrMappings()

• Jython list:
  AdminTask.listIdMgrRealmURAttrMappings()

Interactive mode example usage:

• Jacl:
  $AdminTask listIdMgrRealmURAttrMappings {-interactive}

• Jython string:
  AdminTask.listIdMgrRealmURAttrMappings ('[-interactive]')

• Jython list:
  AdminTask.listIdMgrRealmURAttrMappings (['-interactive'])

renameIdMgrRealm

Rename the name of the realm specified.

Renaming the federated repositories realm name does not update the realm name stored in the security.xml file.

Target Object

None.

Required parameters:

-name

Name of the realm. (String, required)

-newName

New name of the realm. (String, required)

Optional parameters:

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask renameIdMgrRealm {-name realm1 -newName realm2}

• Use Jython string:
  AdminTask.renameIdMgrRealm ('[-name realm1 -newName realm2]')

• Use Jython list:
  AdminTask.renameIdMgrRealm (['-name', 'realm1', '-newName', 'realm2'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask renameIdMgrRealm {-interactive}

• Use Jython string:
  AdminTask.renameIdMgrRealm ('[-interactive]')

• Use Jython list:
  AdminTask.renameIdMgrRealm (['-interactive'])

setIdMgrDefaultRealm

Set the default realm name.

Required parameters:

-name

Name of the realm used as a default realm when the caller does not specify any in context. (String, required)

Optional parameters:

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask setIdMgrDefaultRealm {-name realm1}

• Use Jython string:
  AdminTask.setIdMgrDefaultRealm ('[-name realm1]')

• Use Jython list:
  AdminTask.setIdMgrDefaultRealm (['-name', 'realm1'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask setIdMgrDefaultRealm {-interactive}

• Use Jython string:
  AdminTask.setIdMgrDefaultRealm ('[-interactive]')

setIdMgrRealmDefaultParent

Set or modify the default parent uniqueName for an entity type in a specified realm.

Target object: None.

Required parameters:

-entityTypeName

Name of a valid supported entity type for which to set or modify the default parent. (String, required)

-parentUniqueName

Default parent of the entity type in the specified realm. The default parent specified should be a valid uniqueName in this realm. (String, required)

Optional parameters:

-name

Specify a valid realm name for which to set or modify the mapping. If we do not specify the -name parameter, the command sets or modifies the mapping for defaultWIMFileBasedRealm, which is the default realm in the federated repository configuration. (String, optional)

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask setIdMgrRealmDefaultParent {-entityTypeName entity_type -parentUniqueName unique_name}

• Use Jython string:
  AdminTask.setIdMgrRealmDefaultParent ('[-entityTypeName entity_type -parentUniqueName unique_name]')

• Use Jython list:
  AdminTask.setIdMgrRealmDefaultParent (['-entityTypeName', 'entity_type', '-parentUniqueName', 'unique_name'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask setIdMgrRealmDefaultParent {-interactive}

• Use Jython string:
  AdminTask.setIdMgrRealmDefaultParent ('[-interactive]')

• Use Jython list:
  AdminTask.setIdMgrRealmDefaultParent (['-interactive'])

setIdMgrRealmURAttrMapping

Set or modify the mapping of the user or group attribute for a user registry to a federated repository property of a specified realm.

The setIdMgrRealmURAttrMapping command is available in both connected and local modes. If we run the setIdMgrRealmURAttrMapping command in connected mode, the realm attribute mapping changes take effect after you restart the server.

Target object: None.

Required parameters:

-URAttrName

Name of the user or group attribute in a user registry to map. The following case-sensitive values are valid for the URAttrName parameter:

• uniqueUserId
• userSecurityName
• userDisplayName
• uniqueGroupId
• groupSecurityName
• groupDisplayName

If we run the setIdMgrRealmURAttrMapping command multiple times for the same user registry attribute name, it overwrites the previous value.

(String, required)

-propertyForInput

Name of the federated repository property that maps to the specified user registry attribute (URAttrName parameter) when it is an input parameter for the user registry interface. (String, required)

-propertyForOutput

Name of the federated repository property that maps to the specified user registry attribute (URAttrName parameter) when it is an output parameter (return value) for the user registry interface. (String, required)

In most cases, the propertyForInput and propertyForInput would be the same.

Optional parameters:

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-name

Specify a valid realm name for which to set or modify the mapping. If we do not specify the name parameter, the setIdMgrRealmURAttrMapping command uses the default realm in the federated repository configuration. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask setIdMgrRealmURAttrMapping {-URAttrName uniqueUserId -propertyForInput uniqueName -propertyForOutput uniqueName}

• Jython string:
  AdminTask.setIdMgrRealmURAttrMapping ('[-URAttrName uniqueUserId -propertyForInput uniqueName -propertyForOutput uniqueName]')

• Jython list:
  AdminTask.setIdMgrRealmURAttrMapping (['-URAttrName', 'uniqueUserId', '-propertyForInput', 'uniqueName', '-propertyForOutput', 'uniqueName'])

Interactive mode example usage:

• Jacl:
  $AdminTask setIdMgrRealmURAttrMapping {-interactive}

• Jython string:
  AdminTask.setIdMgrRealmURAttrMapping ('[-interactive]')

• Jython list:
  AdminTask.setIdMgrRealmURAttrMapping (['-interactive'])

updateIdMgrRealm

Update the configuration for a realm specified.

Target Object

None.

Required parameters:

-name

Name of the realm. (String, required)

Optional parameters:

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-securityUse

Specifies a string that indicates if this realm will be used in security now, later, or never. The default is active. Additional values includes: inactive and nonSelectable. (String, optional)

-delimiter

specifies the delimiter used for this realm. The default is /. (String, optional)

-allowOperationIfReposDown

Specifies whether the system allows a repository operation such as get or search to complete successfully, even if repositories in the realm are down. (Boolean, optional)

Even if this parameter is specified, all repositories must be available when we start the server, or the virtual member manager might not function properly..

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask updateIdMgrRealm {-name realm1}

• Use Jython string:
  AdminTask.updateIdMgrRealm ('[-name realm1]')

• Use Jython list:
  AdminTask.updateIdMgrRealm (['-name', 'realm1'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask updateIdMgrRealm {-interactive}

• Use Jython string:
  AdminTask.updateIdMgrRealm ('[-interactive]')

• Use Jython list:
  AdminTask.updateIdMgrRealm (['-interactive'])

wsadmin AdminTask

Commands for the AdminTask object

IdMgrRepositoryConfig

IdMgrConfig