How to install and use OpenSSO CLI (Command Line Administration Interface)

OpenSSO  which is open source branch of Sun Java Access Manager has several module which you should install and configure in case that you want to have similar bundle from its open source branch.

One of main components is OpenSSO itself which you can obtain from  Its nightly builds page; just make sure to select latest link which will take you to the download page with links to OpenSSO modules.
OpenSSO file name should be OpenSSO.war; this file is server side application that handle all authentication and authorization related activities. in the download page you can see several other modules, for this blog entry I will give you some details about installing OpenSSO and Administration Command Line Tools. ((It should be last row link in component download page).

To install OpenSSO, you can follow a detailed installation instruction in OpenSSO easy installation just make sure that you remember value that you determined for  Configuration directory because we will use it to install CLI (Command Line administration Interface).

Now that you have installed OpenSSO you can install its CLI package. Download and extract it somewhere in your hard dist. after you have extracted it follow this sequence to complete its installation open a terminal (cmd)  and navigate to directory that you extract the; execute: setup -p  <OPENSSO_CONFIGURATION_DIRECTORY>

It should echo some text indicating that installation is successful. If you want to know more, Installation is nothing more than creation of batch files that I will talk about one of  them in next step. this batch files use some files that are located in opensso configuration directory to perform their operations.

the file that I will talk about is named amadm.bat or this file let you manage your OpenSSO installation from a command line interface even if opensso server is running. all sub commands of this command has a set of 2 common parameter

  1. -u amAdmin : this is default administration username. you can create more users with administration privileges.
  2. -w <password> it is your password which you determined during opensso installation.

Now lets try some commands

 amadm.bat create-realm -e /realm12 -u amAdmin -w adminadmin 

This command will create a new realm and put its parent is root realm.

 amadm.bat list-realms -e / -u amAdmin -w adminadmin 

This command list all realms that are created under parentship of root realm.

 amadm.bat list-identities -e / -x "*" -t User -u amAdmin -w adminadmin 

This command list all identities of type User which are exists in root realm. you can find a list of all sub commands by calling


By default root realm is named openSSO and your created realm will be a child of that realm, Now you can open openSSO web based administraton console and check the result of CLI with it

Leave a Reply

Your email address will not be published. Required fields are marked *