openam - create a user with ssoadm

Question

I have new goal. Be able to create users of openam with ssoadm.

I have read the documentation of Openam

https://wikis.forgerock.org/confluence/display/openam/ssoadm-identity#ssoadm-identity-create-identity

However, I don't know how to create a user and then assign it a password. For now I just can create users by openam web, but is not desirable, I want to automatize.

Somebody know how can I create a normal user with ssoadm?

./ssoadm create-identity ? ./ssoadm create-agent ?

UPDATE: I have continued with my investigation :) I think I'm closer than before

$  ./ssoadm create-identity -u amadmin -f /tmp/pwd.txt  -e / -i Test -t User

Minimum password length is 8.

But where is the parameter for password?

Thanks!

Answer 1

To create a new user in the configured data stores you could execute the following ssoadm command:

$ openam/bin/ssoadm create-identity -e / -i helloworld -t User -u amadmin -f .pass -a givenName=Hello sn=World userPassword=changeit

Here you can see that I've defined the password as the userPassword attribute, which is data store dependent really. For my local OpenDJ this is perfectly legal, but if you are using a database or something else, then you'll have to adjust the command accordingly.

If you don't want to provide the attributes on the command line, then you could put all the values into a properties file, for example:

$ echo "givenName=Hello
sn=World
userPassword=changeit" > hello.txt
$ openam/bin/ssoadm create-identity -e / -i helloworld -t User -u amadmin -f .pass -D hello.txt

But I must say that using OpenAM for identity management is not recommended, you should use your data store's own tools to manage identities (i.e. use an LDAP client within your app, or just simply use the ldap* CLI tools). You may find that OpenAM doesn't handle all the different identity management related tasks as normally people would expect, so to prevent surprises use something else for identity management.