Access Management

Manage scripts (ssoadm)

Use the ssoadm command’s create-sub-cfg, get-sub-cfg, and delete-sub-cfg subcommands to manage AM scripts.

Create an AM script as follows:

  1. Create a script configuration file, for example, /path/to/myScriptConfigurationFile.txt, containing the following:

    script-file=/path/to/myScriptFile.js
language=JAVASCRIPT (1)
name=My New Script
context=AUTHENTICATION_SERVER_SIDE (2)
    1 Possible values for the language property are:

    • JAVASCRIPT

    • GROOVY
    2 Possible values for the context property are:

    • AUTHENTICATION_CLIENT_SIDE

    • AUTHENTICATION_SERVER_SIDE

    • AUTHENTICATION_TREE_DECISION_NODE

    • CONFIG_PROVIDER_NODE

    • LIBRARY

    • OAUTH2_ACCESS_TOKEN_MODIFICATION

    • OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER

    • OAUTH2_EVALUATE_SCOPE

    • OAUTH2_MAY_ACT

    • OAUTH2_SCRIPTED_JWT_ISSUER

    • OAUTH2_VALIDATE_SCOPE

    • OIDC_CLAIMS

    • POLICY_CONDITION

    • SAML2_IDP_ADAPTER

    • SAML2_IDP_ATTRIBUTE_MAPPER

    • SAML2_SP_ADAPTER

    • SOCIAL_IDP_PROFILE_TRANSFORMATION

  2. Run the ssoadm create-sub-cfg command.

    The --datafile argument references the script configuration file you created in the previous step:

    $ ssoadm \
create-sub-cfg \
--realm /myRealm \
--adminid uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org \
--password-file /tmp/pwd.txt \
--servicename ScriptingService \
--subconfigname scriptConfigurations/scriptConfiguration \
--subconfigid myScriptID \
--datafile /path/to/myScriptConfigurationFile.txt
Sub Configuration scriptConfigurations/scriptConfiguration was added to realm /myRealm

    To list the properties of a script, run the ssoadm get-sub-cfg command:

    $ ssoadm \
get-sub-cfg \
--realm /myRealm \
--adminid uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org \
--password-file /tmp/pwd.txt \
--servicename ScriptingService \
--subconfigname scriptConfigurations/myScriptID
createdBy=
lastModifiedDate=
lastModifiedBy=
name=My New Script
context=AUTHENTICATION_SERVER_SIDE
description=
language=JAVASCRIPT
creationDate=
script=…​Script output follows…​

    To delete a script, run the ssoadm delete-sub-cfg command:

    $ ssoadm \
delete-sub-cfg \
--realm /myRealm \
--adminid uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org \
--password-file /tmp/pwd.txt \
--servicename ScriptingService \
--subconfigname scriptConfigurations/myScriptID
Sub Configuration scriptConfigurations/myScriptID was deleted from realm /myRealm