Console commands

Related topics

Commands and parameters refernces

The following table displays a list of console commands that you can issue in the EC for Okta server:

CommandCommand function
S procnameStarts the EC for Okta server
P ssidStops the EC for Okta server
F ssid,SPINForces the RSOLOG to close and reopen (SPIN)
F ssid,ALTER MAXTASKS( 1 – 255 )

Changes the maximum number of authentication threads to the Okta server

Important

Lowering the maximum task number doesn't terminate the request threads.

F ssid,ALTER TIMEOUT( 1 – 300 )

Changes the authentication request timeout limit

This limits the amount of time an authentication request waits for a response from the Okta Gateway. Access is denied upon timeout.

Important

The server timeout time should be greater than the Okta gateway timeout time. Contact your administrator and set your parameter slightly higher (5 seconds) than their workflow timeout to allow for any network delays in getting the timeout response to the EC for Okta server.

F ssid,DISPLAY PARMSDisplays the current value of the processing parameters, including any modifications made via the ALTER console command.
F ssid,DISPLAY STATSDisplays the current real-time processing statistics
F ssid,LISTEXITLists the ICHRIX02 dynamic exits

The EC for Okta server is non-cancellable. If the server does not terminate when you use the P ssid command, you must issue a FORCE ssid to terminate the server.

The EC for Okta server produces a log (RSOLOG) that records authentication requests and their responses. Messages similar to the following ones are produced:

2025/03/23 12:50:59.236 RSO0990I Processing authentication request for ?userid       

                 ?user name                     

                 JOBNAME(?jobname) JOBID(J0454596) ASIDX(0319)       

2025/03/23 12:51:16.071 RSO0998I USER ?userid access denied by user on 03/23/2025 at 12:50:58

                 ?user name                     

                 JOBNAME(?jobname) JOBID(J0454596) ASIDX(0319)       

Message RSO0998I indicates that access is denied and provides a description of the denial. The following table displays the message descriptions:

Access typeDescription
Denied by userUser responded NO to the verification request
Denied by password fallbackMFA connection failure. Password fallback denied access
Denied (negative MFA response)Negative response from the Okta server (possibly MFA ID is not valid)
Denied by exit failureEC for Okta exit failure. Password fallback denied access. Possibly an abend in the exit
Denied by timeout failureEC for Okta timeout occurred. Password fallback denied access

Message RSO0999I indicates that access is allowed and provides a description of the authorization. The following table displays the message descriptions:

Access typeDescription
Allowed by userUser responded YES to the verification request
Allowed by password fallbackMFA connection failure. Password fallback allowed access
Allowed (MFA bypassed)MFA verification is not required
Allowed by exit failureEC for Okta exit failure. Password fallback allowed access. Possibly an abend occurred in the exit
Allowed by timeout failureEC for Okta timeout occurred. Password fallback allowed access

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*