How to Edit (create, delete, modify) Identity Store of OAM 11g from command line (WLST) – editUserIdentityStoreConfig

In today’s post I will show how to use the command-line tool WLST (WebLogic Scripting Tool) to manage the configuration of Oracle Access Manager (OAM) 11g.
OAM administrator and user identities are stored in an LDAP server and are used during authentication and authorization. By default, OAM 11g uses WebLogic’s embedded LDAP server as its identity store.

In my earlier post here I explained how to create an identity store for OAM 11g pointing to an enterprise LDAP server such as OID or Active Directory using the OAM Console (the graphical user interface for managing configuration). In the example below, I explain how to change the default identity store of OAM 11g back to the identity store “UserIdentityStore1” using the WebLogic scripting commands for OAM 11g.

1. Set Environment variable

2. Start WLST

Now you should get prompt like

3. Connect to WebLogic Admin Server
connect([username, password], [url], [adminServerName])
WLST>connect('weblogic', 'welcome1', 't3://myadmin:7001')

Now you should be connected and get a prompt like wls:/base_domain/serverConfig>

4. To get help on any command
help('command_name')  like


5. To check the current identity store
displayUserIdentityStore(name="ID_store", domainHome="domainHome1")

displayUserIdentityStore(name="UserIdentityStore1", domainHome="/oracle/apsp/OAM/user_projects/domains/base_domain")

You should see output like
Name : UserIdentityStore1, Type : LDAP, LDAP_URL : ldap://ldap-host:7001, SECURITY_PRINCIPAL : cn=Admin, SECURITY_CREDENTIAL : {AES}F8E3A9FAD9D662F753D842979423ED3D, USER_SEARCH_BASE : ou=people,ou=myrealm,dc=base_domain, GROUP_SEARCH_BASE : ou=groups,ou=myrealm,dc=base_domain, USER_NAME_ATTRIBUTE : uid, LDAP_PROVIDER : EMBEDDED_LDAP, UserIdentityProviderType : OracleUserRoleAPI, Role Security Admin : Administrators, Role System Monitor : Monitors, Role Application Administrator : Operators, Role System Manager : Deployers,

6. To set UserIdentityStore1 as the primary identity store

editUserIdentityStore(name="UserIdentityStore1", isPrimary="true")
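
After changing the primary store, the displayUserIdentityStore output from step 5 is what you review to confirm what the store now points at. The following is an added example, not part of the original post or Oracle's tooling: plain Python, run outside WLST on a captured output line, assuming the one-line "Key : value," layout shown above. The names parse_store and audit_store are hypothetical and the sample values are constructed.

```python
import re

# Constructed sample in the one-line "Key : value, ..." layout shown above
# (host, DNs and the credential blob are placeholders, not real values).
SAMPLE = ("Name : UserIdentityStore1, Type : LDAP, "
          "LDAP_URL : ldap://ldap-host:7001, SECURITY_PRINCIPAL : cn=Admin, "
          "SECURITY_CREDENTIAL : {AES}PLACEHOLDER, "
          "USER_SEARCH_BASE : ou=people,ou=myrealm,dc=base_domain, "
          "USER_NAME_ATTRIBUTE : uid, LDAP_PROVIDER : EMBEDDED_LDAP, "
          "Role Security Admin : Administrators,")

# A field starts at the beginning of the line or after a comma, and its key is
# letters, digits, underscores and spaces followed by " : ". DN values contain
# "=", so the commas inside them never look like the start of a new key.
FIELD = re.compile(r"(?:^|,\s*)([A-Za-z][A-Za-z0-9_ ]*?) : ")


def parse_store(line):
    """Return {key: value} from one displayUserIdentityStore output line."""
    marks = list(FIELD.finditer(line))
    store = {}
    for cur, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(line)
        store[cur.group(1)] = line[cur.end():end].strip().rstrip(",").strip()
    return store


def audit_store(store):
    """Return review items for the settings that protect the LDAP bind."""
    findings = []
    if not store.get("LDAP_URL", "").lower().startswith("ldaps://"):
        findings.append("LDAP_URL scheme is not ldaps://")
    if store.get("LDAP_PROVIDER") == "EMBEDDED_LDAP":
        findings.append("store is the embedded LDAP, not an enterprise directory")
    if not store.get("SECURITY_CREDENTIAL", "").startswith("{AES}"):
        findings.append("SECURITY_CREDENTIAL is not displayed in {AES} form")
    if not store.get("SECURITY_PRINCIPAL"):
        findings.append("no SECURITY_PRINCIPAL (bind DN) is set")
    return findings


if __name__ == "__main__":
    for finding in audit_store(parse_store(SAMPLE)):
        print("REVIEW:", finding)
```
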




About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.


Leave a Comment:

ankumar1974 says October 3, 2012


I want to use the WLST OAM command ‘createUserIdentityStore’ to create the identity store for OAM; however, when I tried using WLST scripts, it is not showing the OAM help commands. I have kept weblogic.jar in the classpath and tried to run this script, which has the help() command; however, it is not loading the help('oam') commands. So please help me resolve this issue.

java weblogic.WLST $ScriptDir/OAM/

    Atul Kumar says October 3, 2012

    @ ankumar1974,
    It all depends on which directory you are executing from. Run it from ORACLE_HOME/common/bin where OAM is installed.

ankumar1974 says October 5, 2012


How can I configure the Authentication Module using a WLST script for OAM? Manually, I can log in to the OAMConsole -> System Configuration -> Access Manager Settings -> Authentication Module -> LDAP Authentication Module -> LDAP -> select the identity store which we added and click Apply.

Please let me know how we can do the above step by wlst script.


karthiga says June 27, 2013

Could you please let us know the answer for ankumar’s question

We too need to do the same


depthofus says July 19, 2013

Has anyone got an answer on how to modify the Authentication Module using WLST? Please help.

Surya Chirravuri says April 1, 2015


Is it possible to add resources in bulk using wlst commands in 11g?

