These are the commands used with Identity Discovery tool. The CLI is available on Mac OS, Windows, and Linux. Use it to connect and analyze your SiteMinder environment and launch the web app.
Commands
Help
Get Help about any command.
Windows Command Prompt
Mac OS Terminal/Linux Command Line
1
discovery help
Copied!
1
./discovery help
Copied!
Get help with specific commands by appending -h after any command.
Windows Command Prompt
Mac OS Terminal/Linux Command line
1
discovery export -h
Copied!
1
./discovery export -h
Copied!
Login
Use the login command to authenticate to the IdP to save target information.
base-url string Base URL and Port number of the SiteMinder instance. e.g. https://your.siteminder.com:443
--username or -u
the the username with Administrative privileges used to authenticate to your SiteMinder instance
SiteMinder password can be set either with (1) environment variable (SM_PASSWORD) or (2) interactive if no flag/environment variable is set.
Extract
The extractcommand queries SiteMinder for configuration and policies. Outputs a JSON file that can be used with the analyze and translate commands.
Windows Command Prompt
Mac OS Terminal/Linux Command Line
1
discovery extract
Copied!
1
./discovery extract
Copied!
Extract Flags:
-m max-concurrency int
Maximum concurrency of HTTP calls (default 4). Increasing this value will speed up the analysis.
-r redact-headers string
Comma-separated list of fragments to redact matching HTTP header
Load Logs
With the load-smaccess-logscommand you can enhance the discovery with SiteMinder traffic data by incorporating the Policy Server Audit log. You can find the log file at /{siteminder home}/log/smaccess.log.
Windows Command Prompt
Mac OS Terminal/Linux Command Line
1
discovery load-smaccess-logs --path "<path to copy of log file>*"
Copied!
1
./discovery load-smaccess-logs --path "<path to copy of log file>*"
Copied!
This an optional step, but must be run before the export step in order for the traffic data to appear in the analysis.
Load Logs Flags
--path
string Path to directory with IdP access logs, accepts wildcard(*) when quoted
--clear
clears SiteMinder access logs
Export
The export command creates a .json export based on discovered identity configurations. The resulting .json file is used by the tool to visualize the data. You need to choose a location that is accessible to workstation you plan to use to explore the data.
location and name of the exported JSON file. e.g. my_analysis.json
Serve
The serve command launches the web application locally (http://localhost:3001) using your default web-browser so you can visually explore the discovered data.
Windows Command Prompt
Mac OS Terminal/Linux Command Line
1
discovery serve --export-json <target location and json file>.json
Copied!
1
./discovery serve --export-json <target location and json file>.json
Copied!
Serve Flags
--export-json string (required)
the target location and .json file you would like to explore
To quit the application close your command line window or press ctrl+c
Status
The status command displays the configuration and summary of collected data, including:
targeted SiteMinder environment & user directories
summary of SiteMinder extract
summary of loaded logs
Windows Command Prompt
Mac OS Terminal/Linux Command Line
1
discovery status
Copied!
1
./discovery status
Copied!
Version
The version command displays the build date and version of the tool.