Frequently used commands to configure single sign-on
As an aid to configuring IBM® Security Verify Access single sign-on for IBM Verify Identity Governance, this section lists the most frequently used pdadmin commands. See the IBM Security Verify Access documentation for the pdadmin command line.
Type each command in this example on one line.
Defining IBM Security Verify Access user accounts:
pdadmin -a sec_master -p password -m user delete -registry "itim manager"
pdadmin -a sec_master -p password -m user create "itim manager"
"cn=itim manager,o=ibm,c=us" "itim manager" "itim manager" tivoli
pdadmin -a sec_master -p password -m user modify "itim manager"
account-valid yes
pdadmin -a sec_master -p password -m user show "itim manager"
pdadmin -a sec_master -p password -m user delete -registry "myname"
pdadmin -a sec_master -p password -m user create "myname"
"cn=My Name,o=ibm,c=us" "My Name" "Name" tivoli
pdadmin -a sec_master -p password -m user modify "myname"
account-valid yes
pdadmin -a sec_master -p password -m user show "myname"
pdadmin -a sec_master -p password -m user delete -registry "teamleader"
pdadmin -a sec_master -p password -m user create "teamleader"
"cn=Team Leader,o=ibm,c=us" "Team Leader" "Leader" tivoli
pdadmin -a sec_master -p tivoli -m user modify "teamleader" account-valid yes
pdadmin -a sec_master -p tivoli -m user show "teamleader"
pdadmin -a sec_master -p password -m server task default-webseald-tam60-server
delete /itimserver
Defining a WebSEAL TCP or SSL Junction:
pdadmin -a sec_master -p password -m server task default-webseald-tam60-server
create -t tcp -s -j -e utf8_uri -c iv_user -p 9080 -h ITIMServer /itimserver
pdadmin -a sec_master -p password -m server task default-webseald-tam60-server
create -t ssl -s -j -e utf8_uri -c iv_user -p 9443 -h ITIMServer /itimserver
pdadmin -a sec_master -p password -m server task
default-webseald-tam60-server show /itimserver
pdadmin -a sec_master -p password -m acl detach
/WebSEAL/tam60-server-default/itimserver/itim/console
Defining IBM Security Verify Access ACLs:
pdadmin -a sec_master -p password -m acl delete ITIM-ACL
pdadmin -a sec_master -p password -m acl create ITIM-ACL
pdadmin -a sec_master -p password -m acl detach
/WebSEAL/tam60-server-default/itimserver/itim/self
pdadmin -a sec_master -p password -m acl delete ITIM-Self-Help-ACL
pdadmin -a sec_master -p password -m acl create ITIM-Self-Help-ACL
pdadmin -a sec_master -p password -m acl detach
/WebSEAL/tam60-server-default/itimserver/itim/ui
pdadmin -a sec_master -p password -m acl delete ITIM-ISC-ACL
pdadmin -a sec_master -p password -m acl create ITIM-ISC-ACL
Defining IBM Security Verify Access groups:
pdadmin -a sec_master -p password -m group delete ITIM-Group -registry
pdadmin -a sec_master -p password -m group create
ITIM-Group cn=ITIM-Group,o=ibm,c=us ITIM-Group
pdadmin -a sec_master -p password -m group modify ITIM-Group
add "itim manager"
pdadmin -a sec_master -p password -m group show ITIM-Group
pdadmin -a sec_master -p password -m group
delete ITIM-Self-Service-Group -registry
pdadmin -a sec_master -p password -m group create ITIM-Self-Service-Group
cn=ITIM-Self-Service-Group,o=ibm,c=us ITIM-Self-Service-Group
pdadmin -a sec_master -p password -m group modify ITIM-Self-Service-Group
add "itim manager"
pdadmin -a sec_master -p password -m group modify ITIM-Self-Service-Group
add "myname"
pdadmin -a sec_master -p password -m group modify ITIM-Self-Service-Group
add "teamleader"
pdadmin -a sec_master -p password -m group show ITIM-Self-Service-Group
pdadmin -a sec_master -p password -m group
delete ITIM-ISC-Group -registry
pdadmin -a sec_master -p password -m group create ITIM-ISC-Group
cn=ITIM-ISC-Group,o=ibm,c=us ITIM-ISC-Group
pdadmin -a sec_master -p password -m group modify ITIM-ISC-Group
add "itim manager"
pdadmin -a sec_master -p password -m group modify ITIM-ISC-Group
add "myname"
pdadmin -a sec_master -p password -m group modify ITIM-ISC-Group
add "teamleader"
pdadmin -a sec_master -p password -m group show ITIM-ISC-Group
Associate the WebSEAL junction to the ACLs:
pdadmin -a sec_master -p password -m acl modify ITIM-ACL
set group ITIM-Group Trx
pdadmin -a sec_master -p password -m acl modify ITIM-ACL
set any-other T
pdadmin -a sec_master -p password -m acl modify ITIM-ACL
set unauthenticated T
pdadmin -a sec_master -p password -m acl show ITIM-ACL
pdadmin -a sec_master -p password -m acl modify ITIM-Self-Help-ACL
set group ITIM-Self-Service-Group Trx
pdadmin -a sec_master -p password -m acl modify ITIM-Self-Help-ACL
set any-other T
pdadmin -a sec_master -p password -m acl modify ITIM-Self-Help-ACL
set unauthenticated T
pdadmin -a sec_master -p password -m acl show ITIM-Self-Help-ACL
pdadmin -a sec_master -p password -m acl modify ITIM-ISC-ACL
set group ITIM-ISC-Group Trx
pdadmin -a sec_master -p password -m acl modify ITIM-ISC-ACL
set any-other T
pdadmin -a sec_master -p password -m acl modify ITIM-ISC-ACL
set unauthenticated T
pdadmin -a sec_master -p password -m acl show ITIM-ISC-ACL
pdadmin -a sec_master -p password -m acl attach
/WebSEAL/tam60-server-default/itimserver/itim/console ITIM-ACL
pdadmin -a sec_master -p password -m acl attach
/WebSEAL/tam60-server-default/itimserver/itim/self ITIM-Self-Help-ACL
pdadmin -a sec_master -p password -m acl attach
/WebSEAL/tam60-server-default/itimserver/itim/ui ITIM-ISC-ACL
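Checking the resulting ACL entries (an added example, not part of the IBM documentation): the function below reads captured "acl show" output and confirms that the named group holds Trx (traverse, read, execute) while any-other and unauthenticated hold only T (traverse), as set by the commands above. The function names, the sample text and the assumed layout of the "acl show" output are constructed for illustration; compare the layout with the output of your own release.

```shell
#!/bin/sh
# Added example: audit the text printed by "pdadmin ... acl show <ACL>".
# The layout in the samples below is an assumption, not captured output.

# check_acl GROUP  (reads "acl show" output on stdin)
# Returns 0 only when GROUP has exactly Trx and both Any-other and
# Unauthenticated have exactly T. Prints one line per finding.
check_acl() {
    awk -v group="$1" '
        $1 == "Group" && $2 == group {
            seen_group = 1
            if ($3 != "Trx") { print "FAIL: group " group " has " $3 ", expected Trx"; bad = 1 }
        }
        $1 == "Any-other" || $1 == "Unauthenticated" {
            seen[$1] = 1
            if ($2 != "T") { print "FAIL: " $1 " has " $2 ", expected T"; bad = 1 }
        }
        END {
            if (!seen_group) { print "FAIL: no entry for group " group; bad = 1 }
            if (!seen["Any-other"]) { print "FAIL: no Any-other entry"; bad = 1 }
            if (!seen["Unauthenticated"]) { print "FAIL: no Unauthenticated entry"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: the state the commands on this page produce.
sample_good() {
    cat <<'EOF'
ACL Name: ITIM-ACL
Description:
Entries:
    User sec_master TcmdbsvaBRl
    Group ITIM-Group Trx
    Any-other T
    Unauthenticated T
EOF
}

# Constructed sample: unauthenticated users were also given read (r).
sample_bad() {
    sample_good | sed 's/Unauthenticated T$/Unauthenticated Tr/'
}

sample_good | check_acl ITIM-Group && echo "ITIM-ACL matches the intended entries"
```

Against a live policy server, pipe the output of the "acl show" command for ITIM-ACL, ITIM-Self-Help-ACL and ITIM-ISC-ACL into check_acl with the matching group name.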