How to Edit (create, delete, modify) Identity Store of OAM 11g from command line (WLST) – editUserIdentityStoreConfig

In today’s post I am going to show how to use the command-line tool WLST (WebLogic Scripting Tool) to manage the configuration of Oracle Access Manager 11g.
___
OAM administrator and user identities are stored in an LDAP server and used during authentication and authorization. By default, OAM 11g uses WebLogic’s embedded LDAP server as its Identity Store.
___

In my earlier post I explained how to create an Identity Store for OAM 11g pointing to an enterprise LDAP server such as OID or Active Directory using the OAM Console (the graphical user interface for managing configuration). In the example below, I explain how to change the default identity store of OAM 11g back to the Identity Store “UserIdentityStore1” using the WebLogic Scripting Tool commands for OAM 11g.

1. Set the environment variables
$DOMAIN_HOME/bin/setDomainEnv.sh

2. Start WLST
$ORACLE_HOME/common/bin/wlst.sh

You should now get a prompt like
wls:/offline>

3. Connect to the WebLogic Admin Server
connect([username, password], [url], [adminServerName])
For example:
wls:/offline> connect('weblogic', 'welcome1', 't3://myadmin:7001')

You should now be connected and get a prompt like wls:/base_domain/serverConfig>

4. To get help on any command
help('command_name'), for example:

help('displayUserIdentityStoreConfig')
or
help('oam')

5. To check the current identity store
displayUserIdentityStore(name="ID_store", domainHome="domainHome1")

For example:
displayUserIdentityStore(name="UserIdentityStore1", domainHome="/oracle/apsp/OAM/user_projects/domains/base_domain")

You should see output like
________________
Name : UserIdentityStore1, Type : LDAP, LDAP_URL : ldap://ldap-host:7001, SECURITY_PRINCIPAL : cn=Admin, SECURITY_CREDENTIAL : {AES}F8E3A9FAD9D662F753D842979423ED3D, USER_SEARCH_BASE : ou=people,ou=myrealm,dc=base_domain, GROUP_SEARCH_BASE : ou=groups,ou=myrealm,dc=base_domain, USER_NAME_ATTRIBUTE : uid, LDAP_PROVIDER : EMBEDDED_LDAP, UserIdentityProviderType : OracleUserRoleAPI, Role Security Admin : Administrators, Role System Monitor : Monitors, Role Application Administrator : Operators, Role System Manager : Deployers,
_______________

6. To set UserIdentityStore1 as the primary identity store

editUserIdentityStore(name="UserIdentityStore1", isPrimary="true")
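
Added example (not part of the original post): a Python 3 script, run outside WLST, that parses a captured displayUserIdentityStore output line in the format shown in step 5 and lists the settings worth reviewing before a store is made primary. The function names and the review rules are assumptions of this example.

```python
import re

# Sample input: the displayUserIdentityStore output line shown in step 5.
SAMPLE = (
    "Name : UserIdentityStore1, Type : LDAP, LDAP_URL : ldap://ldap-host:7001, "
    "SECURITY_PRINCIPAL : cn=Admin, "
    "SECURITY_CREDENTIAL : {AES}F8E3A9FAD9D662F753D842979423ED3D, "
    "USER_SEARCH_BASE : ou=people,ou=myrealm,dc=base_domain, "
    "GROUP_SEARCH_BASE : ou=groups,ou=myrealm,dc=base_domain, "
    "USER_NAME_ATTRIBUTE : uid, LDAP_PROVIDER : EMBEDDED_LDAP, "
    "UserIdentityProviderType : OracleUserRoleAPI, "
    "Role Security Admin : Administrators, Role System Monitor : Monitors, "
    "Role Application Administrator : Operators, Role System Manager : Deployers,"
)

# A field name starts the line or follows ", " and is terminated by " : ".
# DN values contain commas but never ", <name> : ", so they are kept whole.
FIELD = re.compile(r"(?:^|,\s+)([A-Za-z_][\w ]*?) : ")


def parse_store(text):
    """Return {field: value} for one line of displayUserIdentityStore output."""
    text = text.strip()
    marks = list(FIELD.finditer(text))
    store = {}
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        store[mark.group(1)] = text[mark.end():end].strip().rstrip(",").strip()
    return store


def review_store(store):
    """Return review notes (rules are this example's assumptions, not Oracle's)."""
    notes = []
    if not store.get("LDAP_URL", "").lower().startswith("ldaps://"):
        notes.append("WARN: LDAP_URL does not use ldaps://")
    if not store.get("SECURITY_CREDENTIAL", "").startswith("{AES}"):
        notes.append("WARN: SECURITY_CREDENTIAL is not in {AES} encrypted form")
    if store.get("LDAP_PROVIDER") == "EMBEDDED_LDAP":
        notes.append("INFO: store is WebLogic's embedded LDAP (the OAM default)")
    return notes


if __name__ == "__main__":
    parsed = parse_store(SAMPLE)
    for name, value in parsed.items():
        print("%-28s %s" % (name, value))
    for note in review_store(parsed):
        print(note)
```
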


About the Author Masroof Ahmad


6 comments
ankumar1974 says October 3, 2012

Hi,

I want to use this WLST OAM command ‘createUserIdentityStore’ to create the identity store for OAM; however, when I was trying using WLST scripts it is not showing the OAM help commands. I have kept weblogic.jar in the classpath and tried to run this script, which has the help() command; however, it is not loading the help('oam') commands. So please do help me in resolving this issue.

java weblogic.WLST $ScriptDir/OAM/oamstore.py

    Atul Kumar says October 3, 2012

    @ ankumar1974,
    It all depends on which directory you are executing wlst.sh from. Run it from ORACLE_HOME/common/bin where OAM is installed.

ankumar1974 says October 5, 2012

Hi,

How can I configure the Authentication Module using a WLST script for OAM? Manually I can log in to the OAMConsole —>System Configuration—>Access Manager Settings–>Authentication Module–>LDAP Authentication Module–>LDAP–>Select the identity store which we added and click Apply.

Please let me know how we can do the above step with a WLST script.

Thanks
ankumar

karthiga says June 27, 2013

Could you please let us know the answer to ankumar’s question?

We too need to do the same.

Regards,
Karthiga

depthofus says July 19, 2013

Has anyone got an answer on how to modify the Authentication Module using WLST? Please help.

Surya Chirravuri says April 1, 2015

Hi,

Is it possible to add resources in bulk using WLST commands in 11g?

Thanks,
Surya
