Seldom Used Commands

The properties command displays system properties.

The time command reports the duration of another command.

The xtimes command repeats a single command as many times as specified in the first argument. This command is used for performance testing purposes. Running a command numerous time provides a more accurate indication of how long a process takes than running it once.

This command can be combined with the time command to report timing statistics on the performance test. By specifying this command first (for example, xtimes 20 time run taskname), the time taken for each command run is reported. By specifying the time command first (for example, time xtimes 20 run taskname), the total time for all of the sequential runs is reported.

The about command displays IdentityIQ's application configuration information.

The threads command displays all active threads in the instance.

The logConfig command reloads the log4j configuration into the instance.

The summary command lists all classes and the count of objects of each class. Changes in these counts for some objects (for example, auditConfig) can indicate potential problems or areas of concern.

The rollback command can undo a change to a role by restoring it from its BundleArchive object. BundleArchive objects are created when role archiving is enabled for IdentityIQ. Role archiving tracks changes made to a role by storing the pre-modification state in a BundleArchive object when the Bundle object is updated. This command only applies to the BundleArchive class.

The rename command changes the name of an object from its existing name to the value specified by the newname parameter.

The object can be found using its old Name or its ID value, but in either case, the newname value is used to update the Name attribute for the object.

The exportJasper command creates a JasperReport XML file from a JasperTemplate object in IdentityIQ. Jasper Report is a third party user interface for report writing. JasperReport XML is not compatible with IdentityIQ's XML so the JasperReport XML is wrapped in a JasperTemplate object when saved in IdentityIQ. The JasperTemplate must be exported to create a file that can be used directly with the Jasper user interface before it can be reformatted.

The import command can be used to re-import a JasperReport object into the database. The import wraps the XML in a JasperTemplate.

The identities command lists the Name, Manager, Roles, and Links for each identity in the system. By default, this information prints to the console (stdout) and can be difficult to read due to screen wrapping. If the output is redirected to a file, it is printed in the file in an easy-to-read style.

The snapshot command takes a snapshot of the named identity as it exists at that moment and archives it in the database as an IdentitySnapshot object. This object provides a historical record of the state of Identity objects at various points in time. Automatic snapshotting can be enabled and configured to create IdentitySnapshot objects at specified intervals or based on system activities (weekly, on aggregation change, etc.). The configuration of this feature can negatively impact system performance.

The score command refreshes the identity score for the named identity and updates that score in the database. Score updates are more commonly executed through the IdentityIQ user interface.

The tasks command lists the Name, State, Next Execution, and Cron Strings for all currently scheduled tasks in the system.

The terminateOrphans command sets the completion status of any open taskResult objects to Terminated. While tasks are running, their taskResults should be in a pending state, but occasionally task results can become orphaned and remain in this non-completed state when the task has finished (or has otherwise been terminated). This command can be used to clean up those orphaned taskResults but it must only be executed when there are no tasks running on the application server or the taskResults for actively running tasks are terminated along with any orphaned results.

This command requires no arguments for execution but an artificial argument please has been added to prevent accidentally running this command.

The certify command creates a manager or application certification. The certification is generated using the installation's default settings/parameters. This command is primarily used for testing purposes.

The command syntax help indicates that this command can generate an application owner certification when an application is specified as a command argument, but this feature has not been updated as the certification components of the product have changed over time. As a result, the application argument for this command is not currently usable.

This command is not recommended. Use the delete command to remove certification objects.

The cancelCertify command can be used to delete a certification object from the system.

The archiveCertification command archives the specified certification (creates a certificationArchive object) and deletes it as an active certification.

The decompressCertification command retrieves the named certificationArchive object and prints it to the console (stdout) in the Certification object's XML format.

The workItem command displays certain details (Owner, Create Date, Expiration Date) for the specified workItem.

This command requires the workItem ID or name value as an input parameter. The workItem ID value (a long hexadecimal number) is obtained using the IdentityIQ console's list workItem command. The workItem Name is not the descriptive name for the workitem, it is a numeric value assigned when the workItem is created. The value is found in the XML representation of each workItem through the Debug pages.

The approve command sets the specified workItem to a Finished state (indicating it was approved), adds any specified completion comments to the workItem, and submits the workItem to the workflower to move it to the next appropriate stage.

This command requires the workItem ID or name value as an input parameter. You can obtain the workItem ID value (a long hexadecimal number) using the IdentityIQ console list workItem command. The workItem Name is not the descriptive name for the workitem, it is a numeric value assigned when the workItem is created. The value is found in the XML representation of each workItem through the Debug pages.

The reject command sets the specified workItem to a Rejected state, adds any specified completion comments to the workItem, and submits the workItem to the workflower to move it to the next appropriate stage.

This command requires the workItem ID or name value as an input parameter. The workItem ID value (a long hexadecimal number) is obtained using the IdentityIQ console's list workItem command. The workItem Name is not the descriptive name for the workitem, it is a numeric value assigned when the workItem is created. The value is found in the XML representation of each workItem through the Debug pages.

The warp command parses an XML file to create an object and then displays the object's XML representation in the console (stdout). If it is not in valid form or its tags do not match the IdentityIQ DTD, a runtimeException is printed to the console describing the error.

The notify command sends an email message to the specified identity using the email template specified. This command does not accept any other parameters that can be passed to the template, so it can only be used for templates whose messages do not rely on variable substitutions to build the content. This command is most often used for testing purposes.

The toAddress argument can contain an identity name or ID or an email address. If it contains an identity name or ID, the email address is retrieved from the identity record.

The authenticate command authenticates a username and password against the pass-through authentication source or the internal IdentityIQ records. No results are returned if the values are authenticated. If the password is incorrect or the user name cannot be found, an error message is displayed in the console (stdout).

The simulateHistory command is used to generate a fake, randomly-generated group index or identity score history for one or more groups or identities. Used for generating test data in a development environment.

The search command looks up an object based on specified criteria, similar to a simplified SQL/HQL interface. A single class name is specified with a list of the attributes to display from that class. Following the where keyword, search filters can be specified in name value sets. All filter values are used in a like comparison. The record is returned if the record's field value contains the specified value string.

The certificationPhase command transitions the specified certification to the specified phase. This command fails if the certification is on or past the requested phase.

The certification is advanced to the next enabled phase after the requested phase if the specified phase is not enabled for the certification. For example, if a certification has neither a Challenge nor a Remediation phase enabled but the command requests that it be advanced to the Challenge phase, the certification is advanced to the End phase.

The certification is sequentially advanced through all enabled phases until it reaches or passes the requested phase. Any business logic that should occur during each phase transition (period enter rules, period end rules, etc.) is executed during the phase advancement.

The impact command reads an XML file containing a Bundle (role) object and performs role impact analysis for the role. The command parses the XML to its object form. Impact analysis is not performed if that object is not a Bundle.

The event command schedules a workflow to run, passing in an Identity name as an argument. By default, the workflow is scheduled 1 second after the command is issued, but a delay can be specified in seconds as a command argument.

The connectorDebug command is used to test a connector or troubleshoot application aggregation issues. Its method parameters determine what is tested and how.

The specific syntax for each of the “methods” is shown below.

The encrypt command is used to encrypt a string. This command is generally only useful for test purposes. It can generate an encrypted password which can be passed in other console commands, for example, the authenticate command.

The hql command executes a search based on a Hibernate Query Language statement. The command syntax matches the sql command's syntax, but this command can select but not update data.

The date command shows the current date and time for the application server or the date and time value for a specified utime (universal time) value.

The shell command escapes out to the command line and runs the command specified. (This command does not work properly in a Windows environment but does work in UNIX.

The meter command toggles metering on or off. While metering is on, the console reports some timing statistics for each command executed. Meter information is displayed after the results of each command as it is executed.

The compress command is designed to compress the contents of a file to a string that can be included within an XML element. It compresses the file and then encodes it to Base64 and writes that text to the specified output file. This resultant file can then be used in an XML element stored in the database. This has limited usefulness within IdentityIQ since no part of the application is designed to read these compressed strings, but custom rules can be used to process them as needed or they can simply be stored in the database to be retrieved and uncompressed for use by an external application at a later time.

The uncompress command functions in exactly the opposite way of the compress command, taking a compressed, Base64-encoded file and returning its uncompressed format.

The clearEmailQueue command deletes all queued but unsent email messages from the IdentityIQ email queue. This includes any new messages that have not yet been sent and messages that have encountered problems that prevented successful delivery.

The clearCache command removes objects from the Hibernate object cache. This can be used when debugging Hibernate issues.

The service command provides information about the background services running in the console. The services include:

• Cache – periodically refreshes cached objects
• SMListener – listens for change events from PE2 change interceptors
• ResourceEvent – looks for change events added to a queue and processes them
• Heartbeat – maintains a Server object for each IdentityIQ instance and periodically updates it so you can tell if an instance is still running
• Task – the Quartz task scheduler
• Request – the IdentityIQ request processor - stopping the Request service also stops partitioned tasks