Unraveling OAM Service Providers, partner profiles and authentication schemes

Unraveling your OAM Service providers

Service providers in OAM are mapped to partner profiles and authentication schemes. These are defined with WLST commands. Unfortunately, these settings are not visible in the OAM console. They can be discovered by looking in the oam-config.xml file, but that is a rather tedious exercise.

There is a set of WLST commands to unravel the structure. I will try to describe them below.

Listing all service providers

Service providers can be listed with the command

getAllFederationServiceProviders()

Partner profiles

Service providers have partner profiles attached to them. A list of partner profiles can be retrieved with the command

listFedPartnerProfiles()

To see which partner profile is attached to an SP, use

getFedPartnerProfile(<partner>, "SP")

The other way round, to see which partners are attached to a profile, use

listFedPartnersForProfile(<PartnerProfile>)

Authentication schemes

Now, you may want to check which authentication scheme is used for a partner. This is tricky: the authentication scheme can be defined on the partner profile level or on the SP level, or both. If both are defined, the SP level scheme supersedes the profile level scheme. Problem: once defined on the SP level, it can only be deleted with

deletePartnerProperty(partnerName, partnerType, "defaultschemeid")

To check the scheme on the SP level, use

getPartnerProperty("<partnerName>", "sp", "defaultschemeid")

If no default scheme is defined, you will get no answer.

To check the scheme on the partner profile level, use

displayFedPartnerProfile(<PartnerProfile>)

and look for the property defaultschemeid.
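
An added example, not from the original post: a small Python helper that applies the precedence rule described above (SP level supersedes profile level) to an inventory copied by hand from the output of these commands, and lists the SPs worth reviewing. The dictionaries and all partner, profile and scheme names are constructed sample data, and the function names are hypothetical.

```python
# Constructed inventory, transcribed by hand from the WLST output described
# above. All partner, profile and scheme names are made-up sample values.
SP_PROFILE = {            # from getFedPartnerProfile(<partner>, "SP")
    "hr-portal": "sp-profile-default",
    "payroll": "sp-profile-default",
    "legacy-app": "sp-profile-custom",
}
PROFILE_SCHEME = {        # defaultschemeid seen in displayFedPartnerProfile(<profile>)
    "sp-profile-default": "LDAPScheme",
    "sp-profile-custom": None,          # property not present
}
SP_SCHEME = {             # from getPartnerProperty(<partner>, "sp", "defaultschemeid")
    "hr-portal": None,                  # no answer: nothing set on the SP
    "payroll": "BasicScheme",
    "legacy-app": "",
}


def resolve(sp, sp_profile, profile_scheme, sp_scheme):
    """Return (effective_scheme, source, shadowed_profile_scheme) for one SP."""
    profile = sp_profile.get(sp)
    from_profile = (profile_scheme.get(profile) or "").strip() or None
    from_sp = (sp_scheme.get(sp) or "").strip() or None
    if from_sp:
        # SP-level value wins; report the profile value it hides, if different.
        shadowed = from_profile if from_profile != from_sp else None
        return from_sp, "sp", shadowed
    if from_profile:
        return from_profile, "profile", None
    # Neither level sets a scheme; what OAM does then is not covered here.
    return None, "unset", None


def audit(sp_profile, profile_scheme, sp_scheme):
    """Resolve every SP and list those needing review."""
    report = {sp: resolve(sp, sp_profile, profile_scheme, sp_scheme)
              for sp in sorted(sp_profile)}
    review = [sp for sp, (_, source, shadowed) in report.items()
              if source == "unset" or shadowed]
    return report, review


if __name__ == "__main__":
    report, review = audit(SP_PROFILE, PROFILE_SCHEME, SP_SCHEME)
    for sp, (scheme, source, shadowed) in report.items():
        print("%-12s scheme=%-12s source=%-8s shadows=%s" % (sp, scheme, source, shadowed))
    print("review:", review)
```

An SP appears in the review list when its SP-level scheme hides a different profile-level scheme, or when no scheme is set at either level.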