https://onemoretech.wordpress.com/2012/07/30/openam-cheat-sheet/ https://wikis.forgerock.org/confluence/display/openam/OpenAM+Command+Line+Reference 上記より抜粋します。
SSOサーバを一覧表示
# /opt/openam/admin/sso/bin/ssoadm list-servers \
-u amadmin -f /home/openam/pwd.txt
http://openam001.example.com:8080/sso
http://openam002.example.com:8080/sso
SSOサーバの設定内容表示
# /opt/openam/admin/sso/bin/ssoadm list-server-cfg \
-u amadmin -f /home/openam/pwd.txt \
-s http://openam001.example.com:8080/sso
am.encryption.pwd=6NgTJeC3?????????????66GfJ61ZY
bootstrap.file=/usr/share/tomcat8/.openamcfg/AMConfig_var_lib_tomcat8_webapps_sso_
com.iplanet.am.cookie.secure=true
com.iplanet.am.lbcookie.value=01
com.iplanet.am.ldap.connection.ldap.error.codes.retries=80,81,91
:
com.sun.identity.urlconnection.useCache=false
com.sun.services.debug.mergeall=off
opensso.protocol.handler.pkgs=
org.forgerock.embedded.dsadminport=4444
WebAgentの一覧表示
# /opt/openam/admin/sso/bin/ssoadm list-agents \ -u amadmin -f /home/openam/pwd.txt \ -t WebAgent -e sso pvean-vpc (id=pvean-vpc,ou=agentonly,o=sso,ou=services,dc=openam,dc=forgerock,dc=org)
※「-e sso」の部分はレルム(openam.example.com/sso のssoの部分)を指定しています
WebAgentの表示
# /opt/openam/admin/sso/bin/ssoadm show-agent \ -u amadmin -f /home/openam/pwd.txt \ -e sso -b pvean-vpc com.sun.identity.client.notification.url=http://10.200.11.119:80/UpdateAgentCacheServlet?shortcircuit=false
※「-b pvean-vpc」の部分は、Anget Groupを指定しています
Agent Groupの一覧表示
# /opt/openam/admin/sso/bin/ssoadm list-agent-grps \ > -u amadmin -f /home/openam/pwd.txt \ > -e sso pvean (id=pvean,ou=agentgroup,o=sso,ou=services,dc=openam,dc=forgerock,dc=org)
Agent Groupの設定内容表示
# /opt/openam/admin/sso/bin/ssoadm show-agent-grp \
-u amadmin -f /home/openam/pwd.txt \
-e sso -b pvean
com.sun.identity.agents.config.agent.logout.url[0]=
com.sun.identity.agents.config.agenturi.prefix=https://ean.example.com:443/amagent
:
sunIdentityServerDeviceKeyValue[1]=agentRootURL=https://ean.example.com:443/
sunIdentityServerDeviceStatus=Active
OpenAMが利用するデータストアタイプの表示
# /opt/openam/admin/sso/bin/ssoadm list-datastores \ -u amadmin -f /home/openam/pwd.txt \ -e sso Datastore: OpenLDAP
openamのデータストアの設定内容を表示
# /opt/openam/admin/sso/bin/ssoadm show-datastore \ -u amadmin -f /home/openam/pwd.txt \ -e sso -m OpenLDAP sun-idrepo-ldapv3-config-groups-search-attribute=cn sun-idrepo-ldapv3-config-user-objectclass=iplanet-am-managed-person : sun-idrepo-ldapv3-config-inactive=Inactive sun-idrepo-ldapv3-config-authpw=********
コマンドライン(バッチ)で設定を投入
以下の例では、認証不要pathを3種類追加しています
# vi /tmp/create_agents.ssoadm update-agent-grp -e sso -b ean -a com.sun.identity.agents.config.notenforced.url[0]=*/no-auth-path update-agent-grp -e sso -b ean -a com.sun.identity.agents.config.notenforced.url[1]=*/no-auth-path2 update-agent-grp -e sso -b ean -a com.sun.identity.agents.config.notenforced.url[2]=*/no-auth-path3 # /opt/openam/admin/sso/bin/ssoadm do-batch -u amadmin \ -f /home/openam/pwd.txt \ -Z /tmp/create_agents.ssoadm -b /tmp/status.txt
