Symantec Identity Management

Expand all | Collapse all

PX Xpress how to execute command line

Jump to Best Answer
  • 1.  PX Xpress how to execute command line

    Posted 03-12-2019 06:34 AM

    Hi all.

    I would like to ask about the policy xpress in Identity Manager. What i found out in this document (Explaining PX Policies (Invoking Of External Code) - CA Knowledge) it shows that Invoking of External code is possible. I'd like to ask about the list of commands that can be used for this. Is this possible to run a CMD / Powershell command line for this? Because in our scenario we do not prefer to use a java wrapper class, but instead to use the command directly from CA Identity Manager.

     

    In this scenario, we are using CA Identity Manager v14.2 in a Virtual Appliance.

     

    Thank you.



  • 2.  Re: PX Xpress how to execute command line
    Best Answer

    Posted 03-12-2019 08:53 AM

    As I wrote in the bottom of that KB Article, you should use a java wrapper to invoke any batch, shell script, or executable. Also note that calling powershell.exe directly does not work as mentioned in the KB Article.

     

    PX Policies should not invoke scripts (i.e. .bat, .cmd) directly but instead should implement a java wrapper that invokes those scripts. When PX Policies invoke an executable or the java wrapper the thread will wait for completion whereas when PX Policies invoke a script the thread will spawn a new cmd.exe and return right away and the new cmd.exe would execute the script. The PX event will show complete regardless of whether the OS was even able to spawn the new cmd.exe which could happen under load. Using the above explained approach could be used to launch any scripts that need to be executed as well.



  • 3.  Re: PX Xpress how to execute command line

    Posted 03-13-2019 02:02 AM

    Thanks for the reply. So it is not possible to write that in the PX Policies directly, yet I have to implement the java wrapper that invoke the script. Is that correct? Or perhaps that is there any way other than putting into a java wrapper?

     

    Thank you.

    Franky