https://onemoretech.wordpress.com/2012/07/30/openam-cheat-sheet/
https://wikis.forgerock.org/confluence/display/openam/OpenAM+Command+Line+Reference
The following is excerpted from the pages above.

List the SSO servers
# /opt/openam/admin/sso/bin/ssoadm list-servers \
    -u amadmin -f /home/openam/pwd.txt
http://openam001.example.com:8080/sso
http://openam002.example.com:8080/sso

Show an SSO server's configuration
# /opt/openam/admin/sso/bin/ssoadm list-server-cfg \
    -u amadmin -f /home/openam/pwd.txt \
    -s http://openam001.example.com:8080/sso
am.encryption.pwd=6NgTJeC3?????????????66GfJ61ZY
bootstrap.file=/usr/share/tomcat8/.openamcfg/AMConfig_var_lib_tomcat8_webapps_sso_
com.iplanet.am.cookie.secure=true
com.iplanet.am.lbcookie.value=01
com.iplanet.am.ldap.connection.ldap.error.codes.retries=80,81,91
:
com.sun.identity.urlconnection.useCache=false
com.sun.services.debug.mergeall=off
opensso.protocol.handler.pkgs=
org.forgerock.embedded.dsadminport=4444

List the WebAgents
# /opt/openam/admin/sso/bin/ssoadm list-agents \
    -u amadmin -f /home/openam/pwd.txt \
    -t WebAgent -e sso
pvean-vpc (id=pvean-vpc,ou=agentonly,o=sso,ou=services,dc=openam,dc=forgerock,dc=org)
Note: "-e sso" specifies the realm (the "sso" part of openam.example.com/sso).

Show a WebAgent
# /opt/openam/admin/sso/bin/ssoadm show-agent \
    -u amadmin -f /home/openam/pwd.txt \
    -e sso -b pvean-vpc
com.sun.identity.client.notification.url=http://10.200.11.119:80/UpdateAgentCacheServlet?shortcircuit=false
Note: "-b pvean-vpc" specifies the Agent Group.

List the Agent Groups
# /opt/openam/admin/sso/bin/ssoadm list-agent-grps \
    -u amadmin -f /home/openam/pwd.txt \
    -e sso
pvean (id=pvean,ou=agentgroup,o=sso,ou=services,dc=openam,dc=forgerock,dc=org)

Show an Agent Group's configuration
# /opt/openam/admin/sso/bin/ssoadm show-agent-grp \
    -u amadmin -f /home/openam/pwd.txt \
    -e sso -b pvean
com.sun.identity.agents.config.agent.logout.url[0]=
com.sun.identity.agents.config.agenturi.prefix=https://ean.example.com:443/amagent
:
sunIdentityServerDeviceKeyValue[1]=agentRootURL=https://ean.example.com:443/
sunIdentityServerDeviceStatus=Active

Show the data store types used by OpenAM
# /opt/openam/admin/sso/bin/ssoadm list-datastores \
    -u amadmin -f /home/openam/pwd.txt \
    -e sso
Datastore: OpenLDAP

Show the configuration of an OpenAM data store
# /opt/openam/admin/sso/bin/ssoadm show-datastore \
    -u amadmin -f /home/openam/pwd.txt \
    -e sso -m OpenLDAP
sun-idrepo-ldapv3-config-groups-search-attribute=cn
sun-idrepo-ldapv3-config-user-objectclass=iplanet-am-managed-person
:
sun-idrepo-ldapv3-config-inactive=Inactive
sun-idrepo-ldapv3-config-authpw=********

Apply settings from the command line (batch)
The following example adds three paths that do not require authentication.
# vi /tmp/create_agents.ssoadm
update-agent-grp -e sso -b ean -a com.sun.identity.agents.config.notenforced.url[0]=*/no-auth-path
update-agent-grp -e sso -b ean -a com.sun.identity.agents.config.notenforced.url[1]=*/no-auth-path2
update-agent-grp -e sso -b ean -a com.sun.identity.agents.config.notenforced.url[2]=*/no-auth-path3
# /opt/openam/admin/sso/bin/ssoadm do-batch -u amadmin \
    -f /home/openam/pwd.txt \
    -Z /tmp/create_agents.ssoadm -b /tmp/status.txt
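
The batch step above, written as an added example (not part of the original page or of OpenAM): it generates the same update-agent-grp lines, validates each not-enforced pattern, and uses mktemp files instead of fixed /tmp paths, since every line of the batch file runs as amadmin. The function names, the start-index argument and the validation rules are assumptions of this example.

```bash
#!/usr/bin/env bash
SSOADM=/opt/openam/admin/sso/bin/ssoadm   # path used on this page
ATTR=com.sun.identity.agents.config.notenforced.url

# True only if the file exists and group/other have no permission bits.
pwfile_is_private() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Each batch line is one ssoadm subcommand run as amadmin, so a pattern with
# whitespace or a newline would change how the batch file is parsed.
valid_pattern() {
    case $1 in
        ''|*[[:space:][:cntrl:]]*) return 1 ;;  # empty, or would alter the batch line
        *[!*/]*) return 0 ;;                    # has a literal component
        *) return 1 ;;                          # only '*' and '/': no literal part
    esac
}

# Usage: gen_notenforced_batch REALM GROUP START_INDEX PATTERN...
# Prints nothing unless every pattern passes validation.
gen_notenforced_batch() {
    local realm=$1 group=$2 idx=$3 p
    shift 3
    for p in "$@"; do
        valid_pattern "$p" || { echo "rejected pattern: '$p'" >&2; return 1; }
    done
    for p in "$@"; do
        printf 'update-agent-grp -e %s -b %s -a %s[%d]=%s\n' \
            "$realm" "$group" "$ATTR" "$idx" "$p"
        idx=$((idx + 1))
    done
}

# Usage: apply_notenforced PWFILE REALM GROUP START_INDEX PATTERN...
# mktemp gives owner-only files with unpredictable names.
apply_notenforced() {
    local pwfile=$1 batch status rc=1
    shift
    pwfile_is_private "$pwfile" || { echo "$pwfile: not owner-only" >&2; return 1; }
    batch=$(mktemp) && status=$(mktemp) || return 1
    if gen_notenforced_batch "$@" > "$batch"; then
        "$SSOADM" do-batch -u amadmin -f "$pwfile" -Z "$batch" -b "$status"
        rc=$?
    fi
    rm -f -- "$batch"
    echo "batch status: $status" >&2
    return "$rc"
}
```

To reproduce the page's three entries: apply_notenforced /home/openam/pwd.txt sso ean 0 '*/no-auth-path' '*/no-auth-path2' '*/no-auth-path3'. Pass a higher start index to append after entries that already exist in the agent group.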