Frequently used commands to configure single sign-on

As an aid to configuring IBM® Security Verify Access single sign-on for IBM Verify Identity Governance, this section lists the most frequently used pdadmin commands. For the full pdadmin command-line syntax, see the IBM Security Verify Access documentation.

Type each command in this example on one line. An indented line is the continuation of the command on the line above it.

Defining IBM Security Verify Access user accounts:
pdadmin -a sec_master -p password -m user delete -registry "itim manager"
pdadmin -a sec_master -p password -m user create "itim manager" 
	"cn=itim manager,o=ibm,c=us" "itim manager" "itim manager" tivoli

pdadmin -a sec_master -p password -m user modify "itim manager" 
	account-valid yes
pdadmin -a sec_master -p password -m user show "itim manager"

pdadmin -a sec_master -p password -m user delete -registry "myname"
pdadmin -a sec_master -p password -m user create "myname" 
	"cn=My Name,o=ibm,c=us" "My Name" "Name" tivoli

pdadmin -a sec_master -p password -m user modify "myname" 
	account-valid yes
pdadmin -a sec_master -p password -m user show "myname"

pdadmin -a sec_master -p password -m user delete -registry "teamleader"
pdadmin -a sec_master -p password -m user create "teamleader" 
	"cn=Team Leader,o=ibm,c=us" "Team Leader" "Leader" tivoli

pdadmin -a sec_master -p password -m user modify "teamleader" account-valid yes
pdadmin -a sec_master -p password -m user show "teamleader"

pdadmin -a sec_master -p password -m server task default-webseald-tam60-server 
	delete /itimserver

Defining a WebSEAL TCP or SSL Junction:
pdadmin -a sec_master -p password -m server task default-webseald-tam60-server 
	create -t tcp -s -j -e utf8_uri -c iv_user -p 9080 -h ITIMServer /itimserver

pdadmin -a sec_master -p password -m server task default-webseald-tam60-server 
	create -t ssl -s -j -e utf8_uri -c iv_user -p 9443 -h ITIMServer /itimserver

pdadmin -a sec_master -p password -m server task 
	default-webseald-tam60-server show /itimserver

pdadmin -a sec_master -p password -m acl detach 
	/WebSEAL/tam60-server-default/itimserver/itim/console

Defining IBM Security Verify Access ACLs:
pdadmin -a sec_master -p password -m acl delete ITIM-ACL
pdadmin -a sec_master -p password -m acl create ITIM-ACL

pdadmin -a sec_master -p password -m acl detach 
	/WebSEAL/tam60-server-default/itimserver/itim/self

pdadmin -a sec_master -p password -m acl delete ITIM-Self-Help-ACL
pdadmin -a sec_master -p password -m acl create ITIM-Self-Help-ACL
pdadmin -a sec_master -p password -m acl detach 
	/WebSEAL/tam60-server-default/itimserver/itim/ui

pdadmin -a sec_master -p password -m acl delete ITIM-ISC-ACL
pdadmin -a sec_master -p password -m acl create ITIM-ISC-ACL

Defining IBM Security Verify Access groups:
pdadmin -a sec_master -p password -m group delete ITIM-Group -registry
pdadmin -a sec_master -p password -m group create 
	ITIM-Group cn=ITIM-Group,o=ibm,c=us ITIM-Group

pdadmin -a sec_master -p password -m group modify ITIM-Group 
	add "itim manager"
pdadmin -a sec_master -p password -m group show ITIM-Group

pdadmin -a sec_master -p password -m group 
	delete ITIM-Self-Service-Group -registry
pdadmin -a sec_master -p password -m group create ITIM-Self-Service-Group 
	cn=ITIM-Self-Service-Group,o=ibm,c=us ITIM-Self-Service-Group
pdadmin -a sec_master -p password -m group modify ITIM-Self-Service-Group 
	add "itim manager"
pdadmin -a sec_master -p password -m group modify ITIM-Self-Service-Group 
	add "myname"
pdadmin -a sec_master -p password -m group modify ITIM-Self-Service-Group 
	add "teamleader"
pdadmin -a sec_master -p password -m group show ITIM-Self-Service-Group
pdadmin -a sec_master -p password -m group 
	delete ITIM-ISC-Group -registry
pdadmin -a sec_master -p password -m group create ITIM-ISC-Group 
	cn=ITIM-ISC-Group,o=ibm,c=us ITIM-ISC-Group
pdadmin -a sec_master -p password -m group modify ITIM-ISC-Group 
	add "itim manager"
pdadmin -a sec_master -p password -m group modify ITIM-ISC-Group 
	add "myname"
pdadmin -a sec_master -p password -m group modify ITIM-ISC-Group 
	add "teamleader"
pdadmin -a sec_master -p password -m group show ITIM-ISC-Group

Associate the WebSEAL junction to the ACLs:
pdadmin -a sec_master -p password -m acl modify ITIM-ACL 
	set group ITIM-Group Trx 
pdadmin -a sec_master -p password -m acl modify ITIM-ACL 
	set any-other T
pdadmin -a sec_master -p password -m acl modify ITIM-ACL 
	set unauthenticated T
pdadmin -a sec_master -p password -m acl show ITIM-ACL

pdadmin -a sec_master -p password -m acl modify ITIM-Self-Help-ACL 
	set group ITIM-Self-Service-Group Trx

pdadmin -a sec_master -p password -m acl modify ITIM-Self-Help-ACL 
	set any-other T 
pdadmin -a sec_master -p password -m acl modify ITIM-Self-Help-ACL 
	set unauthenticated T
pdadmin -a sec_master -p password -m acl show ITIM-Self-Help-ACL

pdadmin -a sec_master -p password -m acl modify ITIM-ISC-ACL 
	set group ITIM-ISC-Group Trx

pdadmin -a sec_master -p password -m acl modify ITIM-ISC-ACL 
	set any-other T 
pdadmin -a sec_master -p password -m acl modify ITIM-ISC-ACL 
	set unauthenticated T
pdadmin -a sec_master -p password -m acl show ITIM-ISC-ACL
pdadmin -a sec_master -p password -m acl attach 
  /WebSEAL/tam60-server-default/itimserver/itim/console ITIM-ACL 

pdadmin -a sec_master -p password -m acl attach 
  /WebSEAL/tam60-server-default/itimserver/itim/self ITIM-Self-Help-ACL
pdadmin -a sec_master -p password -m acl attach 
  /WebSEAL/tam60-server-default/itimserver/itim/ui ITIM-ISC-ACL
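
The ACL commands above follow one pattern: each attached ACL gives its group Trx and gives any-other and unauthenticated only T. The following check is an added example, not part of the IBM documentation; it reads pdadmin command lines (one command per line) and reports any attached ACL that departs from that pattern. HR-ACL, its object path, and the NO-GROUP and WEAK labels are hypothetical names used only for this example.

```shell
#!/bin/sh
# Added example: lint pdadmin command lines (one per line, as on this page)
# before they are run. T = traverse, r = read, x = execute.

# Constructed sample input; HR-ACL and the /hr path are hypothetical.
sample_cmds() {
cat <<'EOF'
pdadmin -a sec_master -p password -m acl modify ITIM-ACL set group ITIM-Group Trx
pdadmin -a sec_master -p password -m acl modify ITIM-ACL set any-other T
pdadmin -a sec_master -p password -m acl modify ITIM-ACL set unauthenticated T
pdadmin -a sec_master -p password -m acl attach /WebSEAL/tam60-server-default/itimserver/itim/console ITIM-ACL
pdadmin -a sec_master -p password -m acl modify HR-ACL set unauthenticated Tr
pdadmin -a sec_master -p password -m acl attach /WebSEAL/tam60-server-default/itimserver/hr HR-ACL
EOF
}

# Print one finding per line; return 1 if any attached ACL deviates from the
# pattern on this page (a group entry, and only T for the catch-all entries).
audit_pdadmin_acls() {
  findings=$(awk '
    {
      k = 0                       # index of the "acl" keyword, if present
      for (i = 1; i <= NF; i++) if ($i == "acl") { k = i; break }
      if (!k) next
      if ($(k+1) == "modify" && $(k+3) == "set") {
        acl = $(k+2); who = $(k+4)
        if (who == "group") { has_group[acl] = 1 }
        else if (who == "any-other" || who == "unauthenticated") { perms[acl, who] = $(k+5) }
      } else if ($(k+1) == "attach") {
        attached[$(k+3)] = 1      # attach <object path> <ACL name>
      }
    }
    END {
      n = split("any-other unauthenticated", w, " ")
      for (a in attached) {
        if (!(a in has_group)) print "NO-GROUP " a
        for (j = 1; j <= n; j++)
          if (((a, w[j]) in perms) && perms[a, w[j]] != "T")
            print "WEAK " a " " w[j] " " perms[a, w[j]]
      }
    }' "$@" | sort)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

sample_cmds | audit_pdadmin_acls || true
```

Pass a file name to audit_pdadmin_acls to check a saved command list; with no argument it reads standard input.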