You can use ssoadm CLI to automate the OpenSSO service configuration. In the next few blog entries I am planning to give some examples on how to perform certain configuration changes using the ssoadm CLI. In this article I am going to show you how to create an Authentication Chain. You should have configured the CLI as a prerequisite.
Here is the scenario:
- Create an LDAP auth module with Name "MyLDAP" pointing to the ldapserver myldap.example.com:5389 with BIND DN "cn=myldap manager"
- Create an Authentication Chain ‘myauthcfg’ with MyLDAP as the required module
Creating LDAP Authentication Module
- ./ssoadm create-auth-instance -m MyLDAP -t LDAP -u amadmin -f /tmp/.pass -e /
Update the LDAP Server Properties
Add the ldap server configuration details to the newly created auth module ‘MyLDAP’
./ssoadm update-auth-instance -e / -m MyLDAP -u amadmin -f /tmp/.pass -a "iplanet-am-auth-ldap-server=myldap.example.com:5389" "iplanet-am-auth-ldap-bind-dn=cn=myldap manager"
Create the Authentication Chain
When you create the auth chain there will be no modules added to it, you need add it later
Create the Auth Chain named ‘myauthcfg’
- ./ssoadm create-auth-cfg -e / -m myauthcfg -u amadmin -f /tmp/.pass
Add Auth Instances to Auth chain
Add the MyLDAP as the required module to the auth chain ‘myauthcfg’
- ./ssoadm update-auth-cfg-entr -m myauthcfg -e / -u amadmin -f /tmp/.pass
Listing Auth Chains
You can list the available authentication configurations in a realm using the list-auth-cfgs sub command../ssoadm list-auth-cfgs -e / -u amadmin -f /tmp/.pass Authentication Configurations: ldapService myauthcfg
Listing Authentication Instances
You can also list the available authentication instances in a realm using the list-auth-instances sub command
- ./ssoadm list-auth-instances -e / -u amadmin -f /tmp/.pass