---
title: ScriptableIdentityAssertionPluginTechPreview
description: An out-of-the box implementation of IdentityAssertionPluginTechPreview.
component: pinggateway
version: 2024.11
page_id: pinggateway:reference:ScriptableIdentityAssertionPluginTechPreview
canonical_url: https://docs.pingidentity.com/pinggateway/2024.11/reference/ScriptableIdentityAssertionPluginTechPreview.html
revdate: 2025-06-03T09:07:28Z
section_ids:
  ScriptableIdentityAssertionPluginTechPreview-usage: Usage
  ScriptableIdentityAssertionPluginTechPreview-properties: Properties
  ScriptableIdentityAssertionPluginTechPreview-example: Example
  ScriptableIdentityAssertionPluginTechPreview-moreinfo: More information
---

# ScriptableIdentityAssertionPluginTechPreview

An out-of-the box implementation of [IdentityAssertionPluginTechPreview](../_attachments/apidocs/org/forgerock/openig/handler/assertion/IdentityAssertionPluginTechPreview.html).

Use with an [IdentityAssertionHandlerTechPreview](IdentityAssertionHandlerTechPreview.html) for local processing, such as authentication. The plugin returns [IdentityAssertionClaims](../_attachments/apidocs/org/forgerock/openig/handler/assertion/IdentityAssertionClaims.html) to include in the outgoing JWT sent to PingOne Advanced Identity Cloud.

|   |                                                                                                                                                                                                                                                                                                                                                                       |
| - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | The IdentityAssertionHandlerTechPreview, ScriptableIdentityAssertionPluginTechPreview, and IdentityAssertionPluginTechPreview are available in [Technology preview](https://docs.pingidentity.com/pinggateway/release-notes/stability.html#interface-stability). They aren't yet supported, may be functionally incomplete, and are subject to change without notice. |

The script must:

* Access the context, request, and claims of an incoming JWT, where the claims are available under the name `incomingClaims`.

* Return an `IdentityAssertionClaims` containing the assertions to add to the outgoing JWT sent to PingOne Advanced Identity Cloud.

## Usage

```json
{
    "name": string,
    "type": "ScriptableIdentityAssertionPluginTechPreview",
    "config": {
        "preProcessingFilter": Filter reference,
        "type": configuration expression<string>,
        "file": configuration expression<string>, // Use either "file"
        "source": [ string, ... ],                // or "source", but not both
        "args": map,
        "clientHandler": Handler reference
    }
}
```

## Properties

For information about other properties for ScriptableIdentityAssertionPluginTechPreview, refer to [Scripts](Scripts.html).

* `"preProcessingFilter"`: *\_Filter [reference](preface.html#definition-reference), required*

  A [Filter](Filters.html) to perform user defined actions, such as local authentication and/or authorization. The Filter can be used to process the request before it reaches the script.

## Example

The following example applies a `preProcessingFilter` that uses a ScriptableFilter to test whether the user is authenticated. If the user isn't authenticated, the request passes to another script to manage authentication.

```
{
  "name": "BasicAuthScriptablePlugin",
  "type": "ScriptableIdentityAssertionPluginTechPreview",
  "config": {
    "type": "application/x-groovy",
    "source": [
      "import org.forgerock.openig.handler.assertion.IdentityAssertionClaims",
      "import org.forgerock.openig.handler.assertion.IdentityAssertionException",
      "if (request.headers.authorization != null && request.headers.authorization.values[0] == 'Basic user:password') {",
          return new IdentityAssertionClaims({Map.of("iguser", "user"))",
      "}",
      "return newExceptionPromise(new IdentityAssertionException('Invalid authentication'))",
    ],
    "preProcessingFilter": {
      "type": "ScriptableFilter",
      "config": {
        "type": "application/x-groovy",
        "source": [
          "if (request.headers.authorization == null) {",
          "    Response response = new Response(Status.UNAUTHORIZED)",
          "    response.headers['WWW-Authenticate'] = \"Basic\"",
          "    return response",
          "}",
          "return next.handle(context, request)",
        ],
      },
    }
  }
}
```

## More information

[org.forgerock.openig.handler.assertion.IdentityAssertionPlugin](../_attachments/apidocs/org/forgerock/openig/handler/assertion/IdentityAssertionPluginTechPreview.html)

[IdentityAssertionClaims](../_attachments/apidocs/org/forgerock/openig/handler/assertion/IdentityAssertionClaims.html)