Symantec IGA

  • 1.  Invoke powershell through CA IDM

    Posted Apr 24, 2014 10:12 AM

    Hi All,

    I am a bit beginner level in CA IDM.

    Need your help in understanding whether there is any direct configuration to invoke powershell script commands from the CA IDM interface (similar to invoking java code).



  • 2.  RE: [CA IdentityMinder (formerly CA Identity Manager) General Discussion] I
    Best Answer

    Posted Apr 24, 2014 01:04 PM
    Previously provided resolution (credit Ken V.)

    CA IM does not support calling Powershell commands.
    This is because Powershell returns "objects" instead of serialized text and therefore the IM application doesn't detect that the execution is complete.

    There is a way to work around this product limitation and invoke powershell commands, as long as you are using JDK 1.6 versus JDK 1.5, by writing your own java class to invoke the powershell instead of relying on the internal IM code. In this way your java class wrapper can force a close.

    Start out by reviewing the following Tech Doc so you gain an understanding of the process involved in using PX to Run Java Code:

    https://support.ca.com/irj/portal/anonymous/kbtech?docid=583969

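    You would create a file such as PowershellWrapper.java containing:

    package com.ca.px.example;

    import java.io.IOException;

    public class PowershellWrapper {
        public static void main(String[] args) throws IOException {
            // args[0] is the Parameter set on the PX action rule (e.g. the path to the .ps1 file)
            if (args.length < 1) {
                throw new IllegalArgumentException("expected the PowerShell script path as the first argument");
            }
            String command = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe" + " " + args[0];
            Runtime runtime = Runtime.getRuntime();
            Process proc = runtime.exec(command);
            // Close PowerShell's stdin so it does not wait for input and the call can complete
            proc.getOutputStream().close();
        }
    }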

    You would then compile this file such as:
    "c:\program files\java\jdk1.6.0_29\bin\javac.exe" PowershellWrapper.java

    You then need to copy the generated PowershellWrapper.class file over to your IM Server as the Tech Doc mentioned (i.e. user_console.war\web-inf\classes\com\ca\px\example).
    If you have a cluster you copy it to all nodes.
    You then restart IMServer and you define your PX to have the action rule to External Codes\Run Java Code\Execute a main function. The class name value is com.ca.px.example.PowershellWrapper and you set a Parameter such as c:\\temp\\file.ps1, where your powershell command is in the file.ps1 just like it is now.

    From: CA Security Global User CommunityMessage Boards [mailto:CommunityAdmin@communities-mail.ca.com]
    Sent: Thursday, April 24, 2014 10:12 AM
    To: mb_message.2252815.114132993@myca-email.ca.com
    Subject: [CA IdentityMinder (formerly CA Identity Manager) General Discussion] Invoke powershell through CA IDM


    Posted by:idm.engineer
    https://communities.ca.com
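
A stricter variant of the wrapper from the answer above, as an added example that is not part of the original post or CA's code. Windows PowerShell treats arguments given without `-File` as command text, so this version passes the script path as a single `-File` argument and only accepts `.ps1` files under one directory; the class name `PowershellFileWrapper` and the directory `c:\idm\scripts` are assumptions, and the code stays within JDK 1.6 APIs.

```java
package com.ca.px.example;

import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;

public class PowershellFileWrapper {
    // Assumption: only scripts under this directory may be run; adjust to your deployment.
    private static final File SCRIPT_DIR = new File("c:\\idm\\scripts");
    private static final String POWERSHELL =
        "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe";

    // Resolve the requested path and reject anything outside SCRIPT_DIR or not a .ps1 file.
    static File resolveScript(String requested) throws IOException {
        File script = new File(requested).getCanonicalFile();
        String prefix = SCRIPT_DIR.getCanonicalFile().getPath() + File.separator;
        boolean inside = script.getPath().regionMatches(true, 0, prefix, 0, prefix.length());
        if (!inside || !script.getName().toLowerCase().endsWith(".ps1") || !script.isFile()) {
            throw new IllegalArgumentException("script not allowed: " + requested);
        }
        return script;
    }

    public static void main(String[] args) throws IOException, InterruptedException {
        if (args.length != 1) {
            throw new IllegalArgumentException("usage: PowershellFileWrapper <script.ps1>");
        }
        File script = resolveScript(args[0]);
        // Argument array: the path is one argument to -File, so it is run as a script file
        ProcessBuilder pb = new ProcessBuilder(POWERSHELL, "-NoProfile", "-NonInteractive",
            "-File", script.getPath());
        pb.redirectErrorStream(true);
        Process proc = pb.start();
        proc.getOutputStream().close();   // close stdin, as in the original wrapper
        BufferedReader out = new BufferedReader(new InputStreamReader(proc.getInputStream()));
        String line;
        while ((line = out.readLine()) != null) {
            System.out.println("[powershell] " + line);  // drain output so the child cannot block
        }
        int exit = proc.waitFor();
        if (exit != 0) {
            throw new IOException("powershell exited with code " + exit);
        }
    }
}
```

It compiles and deploys the same way as the original wrapper, with the PX class name value changed to match.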


  • 3.  Re: Invoke powershell through CA IDM

    Posted Dec 22, 2017 12:22 AM

    Also to add, even in the scenario that the IDM server is running on variants of UNIX, we can use SSHD to execute the call on a remote Windows machine (which would require additional setup).



  • 4.  Re: Invoke powershell through CA IDM

    Broadcom Employee
    Posted Dec 19, 2017 03:52 AM

    Updated link to Tech Doc references.

    How to call external java methods from Policy Xpress 



  • 5.  RE: Re: Invoke powershell through CA IDM

    Broadcom Employee
    Posted Feb 26, 2020 04:03 PM
    Updated link to Knowledge document reference.

    How to call external java methods from Policy Xpress


    https://ca-broadcomcsm.wolkenservicedesk.com/wolken/esd/knowledgebase_search?articleId=49105

    ------------------------------
    Best regards,

    Scott Owens
    Sr Support Engineer

    ------------------------------
    And, as always, perhaps there are others in the communities who have experience in doing this, and we invite them to comment here also.

    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio