Scripting

Guide to scripting for PingIDM.

Scripting lets you extend IDM functionality. For example, you can provide custom logic between source and target mappings, define correlation rules, filters, triggers, and so on. This guide shows you how to use scripts in IDM and provides reference information on the script engine.

Script Configuration

Modify the parameters to compile, debug, and run scripts.

Custom Endpoints

Run arbitrary scripts through the REST URI.

Script Triggers

Learn where and how you can trigger scripts.

Script Variables

Learn about the variables available to scripts.

IDM supports scripts written in JavaScript and Groovy, and uses the following libraries:

Rhino version 1.7.14 to run JavaScript.

Rhino has limited support for ES6 / ES2015 (JavaScript version 1.7). For more information, refer to Rhino ES2015 Support.
Groovy version 3.0.22 for Groovy script support.

Lodash 3.10.1 and Handlebars 4.7.7 for Rhino scripting.

Using Handlebars JS in server-side JS scripts requires synchronization; for example:

var Handlebars = require("lib/handlebars");
var result = new Packages.org.mozilla.javascript.Synchronizer(function() {
  var template = Handlebars.compile("Handlebars {{doesWhat}}");
  return template({ doesWhat: "rocks!" });
}, Handlebars)();
console.log(result);

javascript

BouncyCastle 1.70 for signing JWTs.

The BouncyCastle .JAR file that is bundled with IDM includes the org.bouncycastle.asn1.util.Dump command-line utility. Although this utility is not used directly by IDM, it is possible to reference the utility in your scripts. Due to a security vulnerability in this utility, you should not reference it in your scripts. For more information, refer to the corresponding BouncyCastle issue.

Script options and locations are defined in the script configuration.

Default scripts are located in (/path/to/openidm/bin/defaults/script/). Do not modify the scripts in this directory. Rather copy the default scripts to a different location, make the changes, and update the referenced scripts in the applicable conf/ file. You can put custom scripts in any of the locations referenced in the sources property in conf/script.json.

Name changes for ForgeRock products

Product names changed when ForgeRock became part of Ping Identity.

The following name changes have been in effect since early 2024:

Old name	New name
ForgeRock Identity Cloud	PingOne Advanced Identity Cloud
ForgeRock Access Management	PingAM
ForgeRock Directory Services	PingDS
ForgeRock Identity Management	PingIDM
ForgeRock Identity Gateway	PingGateway

Old name

New name

ForgeRock Identity Cloud

PingOne Advanced Identity Cloud

ForgeRock Access Management

PingAM

ForgeRock Directory Services

PingDS

ForgeRock Identity Management

PingIDM

ForgeRock Identity Gateway

PingGateway

Learn more about the name changes in New names for ForgeRock products in the Knowledge Base.