Access Management 7.4.1

Manage scripts (ssoadm)

Use the ssoadm command’s create-sub-cfg, get-sub-cfg, and delete-sub-cfg subcommands to manage AM scripts.

Create an AM script as follows:

  1. Create a script configuration file, for example, /path/to/myScriptConfigurationFile.txt, containing the following:

    script-file=/path/to/myScriptFile.js
    language=JAVASCRIPT (1)
    name=My New Script
    context=AUTHENTICATION_SERVER_SIDE (2)

    The (1) and (2) markers are documentation callouts and are not part of the file.

    (1) Possible values for the language property are:
    • JAVASCRIPT
    • GROOVY

    (2) Possible values for the context property are:
    • AUTHENTICATION_CLIENT_SIDE
    • AUTHENTICATION_SERVER_SIDE
    • AUTHENTICATION_TREE_DECISION_NODE
    • CONFIG_PROVIDER_NODE
    • LIBRARY
    • OAUTH2_ACCESS_TOKEN_MODIFICATION
    • OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER
    • OAUTH2_EVALUATE_SCOPE
    • OAUTH2_MAY_ACT
    • OAUTH2_SCRIPTED_JWT_ISSUER
    • OAUTH2_VALIDATE_SCOPE
    • OIDC_CLAIMS
    • POLICY_CONDITION
    • SAML2_IDP_ADAPTER
    • SAML2_IDP_ATTRIBUTE_MAPPER
    • SAML2_SP_ADAPTER
    • SOCIAL_IDP_PROFILE_TRANSFORMATION

  2. Run the ssoadm create-sub-cfg command.

    The --datafile argument references the script configuration file you created in the previous step:

    $ ssoadm \
    create-sub-cfg \
    --realm /myRealm \
    --adminid uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org \
    --password-file /tmp/pwd.txt \
    --servicename ScriptingService \
    --subconfigname scriptConfigurations/scriptConfiguration \
    --subconfigid myScriptID \
    --datafile /path/to/myScriptConfigurationFile.txt
    Sub Configuration scriptConfigurations/scriptConfiguration was added to realm /myRealm

    To list the properties of a script, run the ssoadm get-sub-cfg command:

    $ ssoadm \
    get-sub-cfg \
    --realm /myRealm \
    --adminid uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org \
    --password-file /tmp/pwd.txt \
    --servicename ScriptingService \
    --subconfigname scriptConfigurations/myScriptID
    createdBy=
    lastModifiedDate=
    lastModifiedBy=
    name=My New Script
    context=AUTHENTICATION_SERVER_SIDE
    description=
    language=JAVASCRIPT
    creationDate=
    script=…​Script output follows…​

    To delete a script, run the ssoadm delete-sub-cfg command:

    $ ssoadm \
    delete-sub-cfg \
    --realm /myRealm \
    --adminid uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org \
    --password-file /tmp/pwd.txt \
    --servicename ScriptingService \
    --subconfigname scriptConfigurations/myScriptID
    Sub Configuration scriptConfigurations/myScriptID was deleted from realm /myRealm
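
Added example, not part of the AM documentation: a pre-flight check for the script configuration file from step 1, meant to run before ssoadm create-sub-cfg. It rejects a language or context value outside the lists above (for instance a value pasted with its callout marker still attached), a missing property, and an unreadable script-file. The function names and the sample written by write_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the AM documentation): pre-flight check of a script
# configuration file before it is passed to ssoadm --datafile.
# The allowed values are the ones listed on this page.
LANGUAGES="JAVASCRIPT GROOVY"
CONTEXTS="AUTHENTICATION_CLIENT_SIDE AUTHENTICATION_SERVER_SIDE
AUTHENTICATION_TREE_DECISION_NODE CONFIG_PROVIDER_NODE LIBRARY
OAUTH2_ACCESS_TOKEN_MODIFICATION OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER
OAUTH2_EVALUATE_SCOPE OAUTH2_MAY_ACT OAUTH2_SCRIPTED_JWT_ISSUER
OAUTH2_VALIDATE_SCOPE OIDC_CLAIMS POLICY_CONDITION SAML2_IDP_ADAPTER
SAML2_IDP_ATTRIBUTE_MAPPER SAML2_SP_ADAPTER SOCIAL_IDP_PROFILE_TRANSFORMATION"

# cfg_value FILE KEY: print the value of the first "KEY=" line (hypothetical helper).
cfg_value() { sed -n "s/^$2=//p" "$1" | head -n 1; }

# in_list WORD LIST: succeed only if WORD equals one whitespace-separated item.
in_list() {
    for item in $2; do
        [ "$item" = "$1" ] && return 0
    done
    return 1
}

# validate_script_cfg FILE: return 0 if usable, 1 otherwise; reasons go to stderr.
validate_script_cfg() {
    cfg=$1; rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 1; }
    for key in script-file language name context; do
        [ -n "$(cfg_value "$cfg" "$key")" ] || { echo "missing $key" >&2; rc=1; }
    done
    lang=$(cfg_value "$cfg" language)
    ctx=$(cfg_value "$cfg" context)
    src=$(cfg_value "$cfg" script-file)
    in_list "$lang" "$LANGUAGES" || { echo "unknown language: $lang" >&2; rc=1; }
    in_list "$ctx" "$CONTEXTS" || { echo "unknown context: $ctx" >&2; rc=1; }
    [ -f "$src" ] && [ -r "$src" ] || { echo "script-file unreadable: $src" >&2; rc=1; }
    return "$rc"
}

# write_sample DIR LANGUAGE: constructed sample input mirroring the page's file.
write_sample() {
    : > "$1/myScriptFile.js"
    printf 'script-file=%s\nlanguage=%s\nname=My New Script\ncontext=%s\n' \
        "$1/myScriptFile.js" "$2" AUTHENTICATION_SERVER_SIDE > "$1/cfg.txt"
}
```

Call validate_script_cfg /path/to/myScriptConfigurationFile.txt and run ssoadm create-sub-cfg only when it returns 0. Keep the file named by --password-file readable only by the account that runs ssoadm.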