Topic: Capabilities and best practices for scripting within the ForgeRock platform
Hosts: Andrew Potter / Jon Knight

OpenAM Authentication Modules
Examples of client-side and server-side scripting capabilities in OpenAM.
See also:
Q: Can client-side script modify the standard login page?
A: Client-side script can be used for simple user input (see above blogs), but you are likely to want to implement a full custom authentication module using the callback mechanism.
Another example authentication module to enable profile migration: http://identityrelationshipmanagement.blogspot.co.uk/2015/06/mysql-profile-migration-into-opendj.html

Authorisation / Policy Scripts
Talked through example Geovelocity authz policy.
Slight diversion into discussing the use of an authz script for ‘custom risk analysis’ within authn chains.
Also discussed the difference between self-service reset ‘stages’ and AM authn modules (not specifically scripting).

OIDC custom claims scripts
Discussed sample OIDC custom claim script.

IG Script filter
Talked about the ability to use Groovy scripts as OpenIG filters and handlers.
Q: Can URLs be transformed, for example to add a JWT, in AM?
A: Probably, using an OpenIG Groovy script.

IDM Connectors
Discussed an example scripted SQL Connector to manage group memberships between IDM managed users and MySQL database.
Individual scripts representing each of the CRUD operations.
Q: Can scripts be broken into multiple smaller scripts?
A: Each operation has a single script associated, but scripts can call sub-scripts, for example to create a library of commonly used functions.

IDM Properties / Objects
View of IDM user object event hooks: onCreate, onRetrieve, onValidate, etc.
How to use inline scripts, for example, in IDM mapping transformations.

IDM Custom Endpoints
Talked through example of marketing consent + email custom endpoint.
Q: Is there a sandbox for unit testing custom scripts? Cumbersome to test with a full installation.
A: Not currently, but needs further discussion with engineering around best practices.

Groovy vs JavaScript
Where Groovy or JavaScript can be used.