Manage scripts (REST)
AM provides the scripts endpoint to manage scripts using REST calls.
The following actions are available:
User-created scripts are realm-specific, so the URI for the scripts API can contain a realm component, such as /json{/realm}/scripts.
If the realm is not specified in the URI, the top-level realm is used.
AM includes some global example scripts that can be used in any realm.
Scripts are represented in JSON and take the following form.
Scripts are built from standard JSON objects and values
(strings, numbers, objects, sets, arrays, true, false, and null).
Each script has a system-generated universally unique identifier (UUID),
which must be used when modifying existing scripts. Renaming a script will not affect the UUID:
{
"_id": "7e3d7067-d50f-4674-8c76-a3e13a810c33",
"name": "Scripted Module - Server Side",
"description": "Default global script for server side Scripted Authentication Module",
"script": "dmFyIFNUQVJUX1RJ...",
"language": "JAVASCRIPT",
"context": "AUTHENTICATION_SERVER_SIDE",
"createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org",
"creationDate": 1433147666269,
"lastModifiedBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org",
"lastModifiedDate": 1433147666269,
"evaluatorVersion": "1.0"
}
The values for the fields shown in the example are explained below:
_id
-
The UUID that AM generates for the script.
name
-
The name provided for the script.
description
-
An optional text string to help identify the script.
script
-
The source code of the script. The source code is in UTF-8 format and encoded into Base64.
For example, a script such as the following:
var a = 123;
var b = 456;
When encoded into Base64 becomes:
dmFyIGEgPSAxMjM7IA0KdmFyIGIgPSA0NTY7
language
-
The language the script is written in: JAVASCRIPT or GROOVY. The script context determines the supported language(s).
context
-
The context type of the script.
Supported values are:
Value | Description |
---|---|
 | Client-side authentication script |
 | Server-side authentication script |
 | Authentication scripts used by Scripted Decision nodes |
 | Configuration Provider node script |
 | Access token modification script |
 | Script to enhance the data returned from the OAuth 2.0 provider in the authorization request |
 | Script to customize the scopes in an OAuth 2.0 access token |
 | Script to add |
 | Script to configure a trusted JWT issuer |
 | Script to validate the requested scopes |
 | Modify OIDC claims when issuing an ID token or calling the |
 | Reuse code with a library script |
 | Scripted conditions for authorization policies |
 | Scripts for customizing the authentication request in a SAML 2.0 journey |
 | Scripts for customizing SAML 2.0 attribute mapping |
 | Scripts for customizing the authentication request on the SP side in a SAML 2.0 journey |
 | Map fields from the social IDP to fields expected by AM |
createdBy
-
A string containing the universal identifier DN of the subject that created the script.
creationDate
-
An integer containing the creation date and time, in ISO 8601 format.
lastModifiedBy
-
A string containing the universal identifier DN of the subject that most recently updated the resource type.
If the script has not been modified since it was created, this property will have the same value as createdBy.
lastModifiedDate
-
A string containing the last modified date and time, in ISO 8601 format.
If the script has not been modified since it was created, this property will have the same value as creationDate.
evaluatorVersion
-
A number representing the script engine version: 1.0 for legacy or 2.0 for next-generation. Refer to Next-generation scripts for details.
When invalid or unspecified, the value defaults to 1.0 for all script types except library scripts, which are always 2.0 (next-generation).
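The following Python is an added example, not code from the AM documentation. It reviews one script resource in the JSON form described above: it decodes the Base64 script field back to UTF-8 source, checks the language value, and uses the createdBy/lastModifiedBy and creationDate/lastModifiedDate pairs to tell whether the script has changed since it was created. The function name review_script and the sample resource are assumptions; the sample reuses the page's field layout, with the page's short Base64 example in place of the truncated script value.

```python
import base64
import binascii
import hashlib
import json

LANGUAGES = {"JAVASCRIPT", "GROOVY"}  # the two values the page lists


def review_script(resource):
    """Decode and check one script resource (dict parsed from the JSON form)."""
    findings, raw, source = [], None, None
    try:
        # validate=True rejects any character outside the Base64 alphabet
        raw = base64.b64decode(resource.get("script") or "", validate=True)
        source = raw.decode("utf-8")  # the source is UTF-8 before encoding
    except (binascii.Error, UnicodeDecodeError) as exc:
        findings.append(f"script is not Base64-encoded UTF-8: {exc}")
    if resource.get("language") not in LANGUAGES:
        findings.append(f"unexpected language: {resource.get('language')!r}")
    # An unmodified script repeats createdBy/creationDate in lastModified*.
    modified = (resource.get("lastModifiedBy") != resource.get("createdBy")
                or resource.get("lastModifiedDate") != resource.get("creationDate"))
    return {
        "id": resource.get("_id"),  # the UUID stays the same across renames
        "source": source,
        # Digest of the decoded bytes, for comparison with a reviewed baseline
        "sha256": hashlib.sha256(raw).hexdigest() if source is not None else None,
        "modified_since_creation": modified,
        "findings": findings,
    }


# Constructed sample (hypothetical resource built from the page's example).
SAMPLE = json.loads("""{
  "_id": "7e3d7067-d50f-4674-8c76-a3e13a810c33",
  "name": "Scripted Module - Server Side",
  "script": "dmFyIGEgPSAxMjM7IA0KdmFyIGIgPSA0NTY7",
  "language": "JAVASCRIPT",
  "context": "AUTHENTICATION_SERVER_SIDE",
  "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org",
  "creationDate": 1433147666269,
  "lastModifiedBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org",
  "lastModifiedDate": 1433147666269,
  "evaluatorVersion": "1.0"
}""")

if __name__ == "__main__":
    print(json.dumps(review_script(SAMPLE), indent=2))
```

Comparing the sha256 value with a digest recorded at review time shows whether the decoded source has changed, even when the script has been renamed.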