You can use ssoadm CLI to automate the OpenSSO service configuration.  In the next few blog entries I am planning to give some examples on how to perform certain configuration changes using the ssoadm CLI. In this article I am going to show you how to create an Authentication Chain. You should have configured the CLI  as a prerequisite.

Here is the scenario:

  • Create an LDAP auth module with Name "MyLDAP" pointing to the ldapserver  with BIND DN "cn=myldap manager"
  • Create an Authentication Chain ‘myauthcfg’ with MyLDAP as the required module

Creating LDAP Authentication Module

  • ./ssoadm create-auth-instance -m MyLDAP -t LDAP -u amadmin -f /tmp/.pass -e /

 Update the LDAP Server Properties

Add the ldap server configuration details to the newly created auth module ‘MyLDAP’

  • ./ssoadm update-auth-instance -e / -m MyLDAP -u amadmin -f /tmp/.pass -a "" "iplanet-am-auth-ldap-bind-dn=cn=myldap manager"

Create the Authentication Chain

When you create the auth chain there will be no modules added to it, you need add it later

Create the Auth Chain named ‘myauthcfg’

  • ./ssoadm create-auth-cfg -e / -m myauthcfg -u amadmin -f /tmp/.pass

Add Auth Instances to  Auth chain 

Add the MyLDAP as the required module to the auth chain ‘myauthcfg’

  • ./ssoadm update-auth-cfg-entr -m myauthcfg -e / -u amadmin -f /tmp/.pass

Listing Auth Chains

You can list the available authentication configurations in a realm using the list-auth-cfgs  sub command.

./ssoadm list-auth-cfgs -e / -u amadmin -f /tmp/.pass
Authentication Configurations:

Listing Authentication Instances

You can also list the available authentication instances in a realm using the list-auth-instances sub command

  • ./ssoadm list-auth-instances -e / -u amadmin -f /tmp/.pass

Authentication Instances:
WSSAuthModule, [type=WSSAuthModule]
MyLDAP, [type=LDAP]
Federation, [type=Federation]
LDAP, [type=LDAP]
HOTP, [type=HOTP]
DataStore, [type=DataStore]
SAE, [type=SAE]