Skip to Content

Console commands

Related topics

Commands and parameters

The following table displays a list of console commands that you can issue in the EC for Okta server:

CommandDescription
S procNameStarts the EC for Okta server
P ssidStops the EC for Okta server
F ssid,SPINForces the RSOLOG to close and reopen (SPIN)
F ssid,ALTER MAXTASKS(number)

Changes the maximum number of authentication threads to the Okta server

Warning
Important

Valid values are 1 to 255.
Reducing the maximum task number doesn't terminate the request threads.

F ssid,ALTER TIMEOUT(number)

Changes the authentication request timeout limit, which limits the amount of time an authentication request waits for a response from the Okta Gateway. Access is denied upon timeout.

Warning
Important

Valid values are 1 to 300.
The Okta Gateway timeout time should be less than the server timeout time. Contact your administrator and set your parameter slightly higher (5 seconds) than their workflow timeout to allow for any network delays in getting the timeout response to the EC for Okta server.

F ssid,DISPLAY PARMSDisplays the current value of the processing parameters, including any modifications made via the ALTER console command
F ssid,DISPLAY STATSDisplays the current real-time processing statistics
F ssid,LISTEXITLists the ICHRIX02 dynamic exits
F ssid,DISPLAY XCF    Generates message RSO0160I and lists all the EC for Okta servers currently associated with the XCF group of the server
F ssid,DISPLAY SERVERS   Generates message RSO0165I and lists all the EC for Okta servers running in the sysplex. The servers do not have to be members of the same XCF group
F ssid,LICENSE               Processes or reprocesses the BMC license key to activate a new license

The EC for Okta server is non-cancellable. If the server does not stop when you use the P ssid command, you must issue a FORCE ssid to stop the server.

The EC for Okta server produces a log (RSOLOG) that records authentication requests and their responses, such as the following sample:

2025/03/23 12:50:59.236 RSO0990I Processing authentication request for <userID>       

                 ?<userName>                     

                 JOBNAME(?<jobName>) JOBID(J0454596) ASIDX(0319)       

2025/03/23 12:51:16.071 RSO0998I USER ?<userID> access denied by user on 03/23/2025 at 12:50:58

                 ?user name                     

                 JOBNAME(?<jobName>) JOBID(J0454596) ASIDX(0319)       

Message RSO0998I indicates that access is denied and provides a description of the denial. The following table describes the message content:

Access typeDescription
Denied by userUser responded NO to the verification request
Denied by password fallbackMFA connection failure. Password fallback denied access.
Denied (negative MFA response)Negative response from the Okta server (the MFA ID might be invalid)
Denied by exit failureEC for Okta exit failure. Password fallback denied access. Possibly an abend occurred in the exit.
Denied by timeout failureEC for Okta timeout occurred. Password fallback denied access.

Message RSO0999I indicates that access is allowed and provides a description of the authorization. The following table describes the message content:

Access typeDescription
Allowed by userUser responded YES to the verification request
Allowed by password fallbackMFA connection failure. Password fallback allowed access.
Allowed (MFA bypassed)MFA verification is not required.
Allowed by exit failureEC for Okta exit failure. Password fallback allowed access. An abend might have occurred in the exit.
Allowed by timeout failureEC for Okta timeout occurred. Password fallback allowed access.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC AMI Enterprise Connector for Okta 1.2