Topic: Capabilities and best practices for scripting within the ForgeRock platform
Hosts: Andrew Potter / Jon Knight
OpenAM Authentication Modules
Examples of client-side and server-side scripting capabilities in OpenAM.
Q: Can client-side script modify the standard login page?
A: Client-side script can be used for simple user input (see above blogs), but you are likely to want to implement a full custom authentication module using the callback mechanism.
Another example authentication module to enable profile migration: http://identityrelationshipmanagement.blogspot.co.uk/2015/06/mysql-profile-migration-into-opendj.html
Authorisation / Policy Scripts
Talked through example Geovelocity authz policy.
Slight diversion into discussing using authz script ‘custom risk analysis’ within authn chains.
Also discussed the difference between self-service reset ‘stages’ and AM authn modules (not specifically scripting).
OIDC custom claims scripts
Discussed sample OIDC custom claim script.
Also see http://identityrelationshipmanagement.blogspot.co.uk/2015/12/scripted-openid-connect-claims-and.html
IG Script filter
Talked about the ability to use Groovy scripts as OpenIG filters and handlers.
Q: Can URLs be transformed, for example to add a JWT, in AM?
A: Probably, using an OpenIG Groovy script.
Discussed an example scripted SQL Connector to manage group memberships between IDM managed users and MySQL database.
Individual scripts representing each of the CRUD operations.
Q: Can scripts be broken into multiple smaller scripts?
A: Each operation has a single script associated, but scripts can call sub-scripts, for example to create a library of commonly used functions.
IDM Properties / Objects
View of IDM user object event hooks: onCreate, onRetrieve, onValidate, etc.
How to use inline scripts, for example, in IDM mapping transformations.
IDM Custom Endpoints
Talked through example of marketing consent + email custom endpoint.
Q: Is there a sandbox for unit testing custom scripts? It is cumbersome to test with a full installation.
A: Not currently, but this needs further discussion with engineering around best practices.