ForgeRock Identity Platform
Does not apply to Identity Cloud

FAQ: Task Scanner in IDM

Last updated Apr 8, 2021

The purpose of this FAQ is to provide answers to commonly asked questions regarding the Task Scanner in IDM.

Frequently asked questions

Q. What date format is used in the Task Scanner for dates such as the sunset/date property?

A. All dates in the Task Scanner, including the sunset/date property, use the ISO 8601 Zulu time format (for example, 2020-12-06T23:59:00.000Z). An example sunset/date property looks like this in the managed/user object:

"sunset": {    "date": "2020-08-01T12:00:00.000Z",     "task-started": "2020-08-26T17:34:55.020Z",     "task-completed": "2020-08-26T17:34:55.245Z"   },

See How do I convert a date stored in DS to a format that the Task Scanner in IDM (All versions) can use? for further information.

Q. What is the taskState property used for in the sample configuration file?

A. The taskState property in the sample configuration file (schedule-taskscan_sunset.json) references the variable names (sunset/task-started and sunset/task-completed) that are used in the managed/user object:

"taskState" : {    "started" : "/sunset/task-started",     "completed" : "/sunset/task-completed" },

These variables are used to store the Task Scanner start message (date and time) and completed message (date and time) in the sunset/date property in the managed/user object (see example above).

Q. Do I need to change the managed/user object to use the sample configuration file provided with IDM?

A. Yes, you need to add an object attribute called sunset that maps to the taskState property included in the sample configuration file (schedule-taskscan_sunset.json). An example user record with this sunset object attribute included looks like this:

{  "phoneNumber": "12345678",   "familyName": "Full",   "givenName": "Moon",   "sunset": {     "task-completed": null,     "task-started": null,     "date": "2020-01-01T12:00:00.000Z"   },   "active": "true",   "userName": "usertosunset",   "email": "moony@example.com",   "accountStatus": "active",   "roles": "internal/role/openidm-authorized",   "password": "Hallo123",   "passwordAttempts": "0",   "lastPasswordAttempt": "Mon Nov 06 2020 20:16:41 GMT+0200 (CEST)" }

The task-completed and task-started attributes must be set to null initially for the Task Scanner to use them correctly.

Once you have added this object attribute, the task-started and task-completed variables in the managed/user object are updated each time the task runs.

Q. How do I refer to task-started and task-completed in the .js script given that dashes are not permitted in JavaScript variable names?

A. You must refer to these variables as follows: ['task-started'] and ['task-completed'] in the .js script called from the configuration file, otherwise your script will not be valid.

If you do not include these variables correctly, you will see the following error when IDM starts:

SEVERE: OpenIDM failure during startup, ACTIVE_NOT_READY: Required services not all started [org.forgerock.openidm.managed]

Q. How is the task-completed date used?

A. The task-completed date is used in the scan-tasks query, which is specified in the database configuration file (repo.jdbc.json - located in the /path/to/idm/conf directory). For example:

"scan-tasks" : "SELECT fullobject FROM ${_dbSchema}.${_mainTable} obj INNER JOIN ${_dbSchema}.${_propTable} prop ON obj.id = prop.${_mainTable}_id LEFT OUTER JOIN ${_dbSchema}.${_propTable} complete ON obj.id = complete.${_mainTable}_id AND complete.propkey=${taskState.completed} INNER JOIN ${_dbSchema}.objecttypes objtype ON objtype.id = obj.objecttypes_id WHERE ( prop.propkey=${property} AND prop.propvalue < ${condition.before} AND objtype.objecttype = ${_resource} ) AND ( complete.propvalue is NULL )",

This example scan-tasks query means only managed users who have not already been scanned (that is, with a null "taskState.completed") are selected.

See Also

How do I configure the Task Scanner in IDM (All versions) to find a user's start date between today and n number of days in the future?

How do I convert a date stored in DS to a format that the Task Scanner in IDM (All versions) can use?

Schedules Guide › Configure the Task Scanner

Schedules Guide

Scripting Guide

Quartz Scheduler - CronTrigger

Related Training

ForgeRock Identity Management Core Concepts (IDM-400)

Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.