ScriptableIdentityAssertionPluginTechPreview
An out-of-the-box implementation of IdentityAssertionPluginTechPreview.
Use with an IdentityAssertionHandlerTechPreview for local processing, such as authentication. The plugin returns IdentityAssertionClaims to include in the outgoing JWT sent to Identity Cloud.
The IdentityAssertionHandlerTechPreview, ScriptableIdentityAssertionPluginTechPreview, and IdentityAssertionPluginTechPreview are available in Technology preview. They aren’t yet supported, may be functionally incomplete, and are subject to change without notice.
The script must:
- Access the context, request, and claims of an incoming JWT, where the claims are available under the name incomingClaims.
- Return an IdentityAssertionClaims containing the assertions to add to the outgoing JWT sent to Identity Cloud.
Usage
{
  "name": string,
  "type": "ScriptableIdentityAssertionPluginTechPreview",
  "config": {
    "preProcessingFilter": Filter reference,
    "type": configuration expression<string>,
    "file": configuration expression<string>, // Use either "file"
    "source": [ string, ... ],                // or "source", but not both
    "args": map,
    "clientHandler": Handler reference
  }
}
Properties
For information about other properties for ScriptableIdentityAssertionPluginTechPreview, refer to Scripts.
Example
The following example applies a preProcessingFilter
that uses a ScriptableFilter
to test whether the user is authenticated. If the user isn’t authenticated, the
request passes to another script to manage authentication.
{
  "name": "BasicAuthScriptablePlugin",
  "type": "ScriptableIdentityAssertionPluginTechPreview",
  "config": {
    "type": "application/x-groovy",
    "source": [
      "import org.forgerock.openig.handler.assertion.IdentityAssertionClaims",
      "import org.forgerock.openig.handler.assertion.IdentityAssertionException",
      "if (request.headers.authorization != null && request.headers.authorization.values[0] == 'Basic user:password') {",
      "    return new IdentityAssertionClaims(Map.of(\"iguser\", \"user\"))",
      "}",
      "return newExceptionPromise(new IdentityAssertionException('Invalid authentication'))"
    ],
    "preProcessingFilter": {
      "type": "ScriptableFilter",
      "config": {
        "type": "application/x-groovy",
        "source": [
          "if (request.headers.authorization == null) {",
          "    Response response = new Response(Status.UNAUTHORIZED)",
          "    response.headers['WWW-Authenticate'] = \"Basic\"",
          "    return response",
          "}",
          "return next.handle(context, request)"
        ]
      }
    }
  }
}
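The credential check from the example above, written as a standalone Groovy script; this is an added illustration, not part of the original documentation. It decodes the Basic header as RFC 7617 clients send it (base64 of user:password) and compares in constant time. The file name and the expectedUser and expectedPassword entries supplied through "args" are assumptions.

```groovy
// BasicAuthAssertion.groovy: hypothetical file name, referenced through the plugin's "file" property.
// Assumption: "args" supplies expectedUser and expectedPassword (hypothetical names),
// which are visible to the script as variables.
import org.forgerock.openig.handler.assertion.IdentityAssertionClaims
import org.forgerock.openig.handler.assertion.IdentityAssertionException

import java.nio.charset.StandardCharsets
import java.security.MessageDigest

// Comparison that does not stop at the first differing byte.
def sameValue = { String a, String b ->
    MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8))
}

def auth = request.headers.authorization
def header = auth != null ? auth.values[0] : null
if (header == null || !header.startsWith('Basic ')) {
    return newExceptionPromise(new IdentityAssertionException('Invalid authentication'))
}

// RFC 7617: the value after "Basic " is base64("user-id:password").
String decoded
try {
    decoded = new String(header.substring(6).trim().decodeBase64(), StandardCharsets.UTF_8)
} catch (Exception e) {
    // Malformed base64 is treated like any other failed authentication.
    return newExceptionPromise(new IdentityAssertionException('Invalid authentication'))
}

// Split on the first colon only: the password may itself contain colons.
int colon = decoded.indexOf(':')
if (colon < 0) {
    return newExceptionPromise(new IdentityAssertionException('Invalid authentication'))
}
String user = decoded.substring(0, colon)
String password = decoded.substring(colon + 1)

// Evaluate both comparisons before combining them, so a wrong user name
// and a wrong password follow the same code path.
boolean userOk = sameValue(user, expectedUser)
boolean passwordOk = sameValue(password, expectedPassword)
if (userOk & passwordOk) {
    return new IdentityAssertionClaims(Map.of('iguser', user))
}
return newExceptionPromise(new IdentityAssertionException('Invalid authentication'))
```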