PingOne Advanced Identity Cloud

Scripted REST

The Scripted REST application template allows you to provision users to a REST API using the Scripted Groovy Connector Toolkit.

Register the application

  1. In the Advanced Identity Cloud admin console, go to Applications, and click Browse App Catalog.

  2. In the Browse App Catalog modal, select an application, and click Next.

    Select the latest application version.

  3. Review the Application Integration information, and click Next.

  4. In the Application Details window, specify the name, description, application owners, and logo for the application.

  5. To make the application an Authoritative source of identity data, select the Authoritative check box. This option is not available for every application.

  6. Click Create Application.

Configure provisioning

The Scripted REST connector is an implementation of the Scripted Groovy Connector Toolkit. It uses Groovy scripts to interact with any REST API. This connector type lets you develop a fully functional REST-based connector for an in-house or cloud-based application. For more information, refer to Scripted REST connector.

  1. In the Advanced Identity Cloud admin console, on the Provisioning tab, click Set up Provisioning:

    • If setting up provisioning for the first time:

      1. If you have not configured a remote server, click New Connector Server and follow the steps to create a server.

      2. If you configured one remote server, it is automatically selected.

      3. If you configured multiple remote servers, choose a server.

    • When editing existing settings in the Connection area, click Settings.

  2. Configure the following fields:

    Field Description

    Service Address

    The service URI (example: http://myservice.com/api).

    Proxy Address

    The optional proxy server URI (example: http://myproxy:8080).

    Username

    The remote user to authenticate with.

    Password

    The password to authenticate with.

    Default Content Type

    The default HTTP request content type. One of TEXT, XML, HTML, URLENC, BINARY, or JSON. If not set, the default value is JSON.

    Default Request Headers

    Placeholder for default HTTP request headers.

    Default Authentication Method

    The default authentication method for the connection. Specify BASIC or OAUTH. If not set, the default value is BASIC.

    If Default Authentication Method is set to OAUTH, configure the following fields:

    • Token Endpoint: When using OAuth 2.0, this property defines the endpoint from which a new access token is requested (example: https://myserver.com/oauth2/token).

    • Client ID: The secure client identifier for OAuth 2.0.

    • Client Secret: The secure client secret for OAuth 2.0.

    • Refresh Token: The refresh token used to renew the access token for the refresh_token grant type.

    • Scopes: The optional scopes to use for OAuth 2.0.

    Grant Type

    The grant type to use:

    • CLIENT_CREDENTIALS

    • REFRESH_TOKEN

    • AUTHORIZATION_CODE

    If not set, the default value is CLIENT_CREDENTIALS.

    Custom Sensitive Configuration

    Custom Sensitive Configuration script for Groovy ConfigSlurper.

    Custom Configuration

    Custom Configuration script for Groovy ConfigSlurper.

    Script Roots

    The root folder that stores the scripts. If the value is null or empty, the classpath value is used.

    Authenticate Script

    The name of a connector file that uses a custom REST request to implement the ICF authenticate operation. The ICF authenticate operation lets a connector authenticate an object on the target system, usually with a unique identifier (username) and a password.

    Create Script

    The name of a connector file that uses a custom REST request to implement the ICF create operation. The ICF create operation lets a connector create objects on the target system.

    Update Script

    The name of a connector file that uses a custom REST request to implement the ICF update operation. The ICF update operation lets a connector update (modify or replace) objects on the target system.

    Delete Script

    The name of a connector file that uses a custom REST request to implement the ICF delete operation. The ICF delete operation lets a connector delete objects on the target system.

    Search Script

    The name of a connector file that uses a custom REST request to implement the ICF search operation. The ICF search operation lets a connector search for objects on the target system.

    Test Script

    The name of a connector file that uses a custom REST request to implement the ICF test operation. The ICF test operation lets a connector test the connector configuration against the target system.

    Sync Script

    The name of a connector file that uses a custom REST request to implement the ICF sync operation. The ICF sync operation lets a connector poll the target system for synchronization events created by changes to target objects.

    Schema Script

    The name of a connector file that uses a custom REST request to implement the ICF schema operation. The ICF schema operation lets a connector describe the types of objects that it can handle on the target system and the operations and options that the connector supports for each object type.

    Resolve Username Script

    The name of a connector file that uses a custom REST request to implement the ICF resolve username operation. The ICF resolve username operation lets a connector resolve an object to its UID, based on its username.

    Script On Resource

    The name of a connector file that uses a custom REST request to implement the ICF script on resource operation. The ICF script on resource operation lets a connector run a script directly on the target resource.

    Customizer Script

    The name of the file that lets you customize the Apache HTTP client connection pool, proxy, default headers, timeouts, and so on.

  3. Optionally, click Show advanced settings to set any of the following options:

    Field Description

    Target Directory

    Directory into which to write classes.

    Warning Level

    The warning level of the compiler. If not set, the default value is 1.

    Recompilation Interval

    Sets the minimum amount of time after which a script can be recompiled. If not set, the default value is 100.

    Script Base Class

    Base class name for scripts (must derive from Script).

    Tolerance

    The error tolerance, which is the number of non-fatal errors (per unit) that should be tolerated before compilation is aborted. If not set, the default value is 10.

    Debug

    If true, debugging code should be activated.

    Classpath

    The classpath for use during compilation.

    Disabled Global AST Transformations

    Sets a list of global AST transformations which should not be loaded even if they are defined in META-INF/org.codehaus.groovy.transform.ASTTransformation files. By default, none are disabled.

    Verbose

    If true, the compiler should produce action information.

    Source Encoding

    The encoding for source files. If not set, the default value is UTF-8.

    Recompile Groovy Source

    If set to true, recompilation is enabled.

    Exclude Unmodified

    Select this option to synchronize only the modified properties on a target resource.

  4. Click Connect.

  5. Verify the information in the Details tab.
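
The following Python check is an added example, not part of the product documentation or of the connector's code. It applies the allowed values and defaults from the field table in step 2 to a set of connection settings, and flags addresses that are not https and OAuth fields that are missing. The dictionary keys reuse the UI field labels and are hypothetical, as are the sample client values.

```python
from urllib.parse import urlsplit

# Allowed values and defaults as given in the field table on this page.
CONTENT_TYPES = {"TEXT", "XML", "HTML", "URLENC", "BINARY", "JSON"}
AUTH_METHODS = {"BASIC", "OAUTH"}
GRANT_TYPES = {"CLIENT_CREDENTIALS", "REFRESH_TOKEN", "AUTHORIZATION_CODE"}

# Constructed sample; keys are hypothetical and reuse the UI field labels.
SAMPLE = {
    "Service Address": "http://myservice.com/api",
    "Default Authentication Method": "OAUTH",
    "Token Endpoint": "https://myserver.com/oauth2/token",
    "Client ID": "example-client",
    "Client Secret": "example-secret",
    "Grant Type": "REFRESH_TOKEN",
}

def not_https(uri):
    """True when a URI is set but its scheme is not https."""
    return bool(uri) and urlsplit(uri).scheme.lower() != "https"

def review_connection(cfg):
    """Return findings for one set of connection settings (this check's own policy)."""
    findings = []
    content_type = cfg.get("Default Content Type") or "JSON"
    method = cfg.get("Default Authentication Method") or "BASIC"
    grant = cfg.get("Grant Type") or "CLIENT_CREDENTIALS"
    if content_type not in CONTENT_TYPES:
        findings.append(f"unknown content type {content_type}")
    if method not in AUTH_METHODS:
        findings.append(f"unknown authentication method {method}")
    # Credentials or access tokens are sent to this address.
    if not_https(cfg.get("Service Address")):
        findings.append("Service Address is not https")
    if method == "OAUTH":
        if grant not in GRANT_TYPES:
            findings.append(f"unknown grant type {grant}")
        required = ["Token Endpoint", "Client ID", "Client Secret"]
        if grant == "REFRESH_TOKEN":
            required.append("Refresh Token")  # needed to renew the access token
        findings += [f"missing {f}" for f in required if not cfg.get(f)]
        # The client secret and refresh token are sent to the token endpoint.
        if not_https(cfg.get("Token Endpoint")):
            findings.append("Token Endpoint is not https")
    return findings

if __name__ == "__main__":
    for finding in review_connection(SAMPLE):
        print(finding)
```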

Provision side tabs

The object type determines the side tabs that display on the Provisioning tab. Use the object type list to select an object type, such as Group. Afterward, you can configure properties in the different sub-tabs under the Provisioning tab.

Sub-tabs under the Provisioning tab
Provisioning tab Description Related sections

Details

View and manage an application, including name, ID, and native type.

Select the specific application from Provision settings for an application.

Properties

View and manage properties for the selected object type.

Data

View data about the selected object type.

Mapping

View and manage mappings from the Advanced Identity Cloud admin console properties to external system properties and from external system properties to the Advanced Identity Cloud admin console properties.

Reconciliation

Preview mappings on target applications between external systems and the Advanced Identity Cloud admin console, and reconcile the data between the two systems.

View and manage rules for the users and groups that use your application.

View and manage schedules for Full and Incremental reconciliation.

Privacy & Consent

Manage end-user data sharing and synchronization.

Rules

View and manage provisioning rules for mappings between Advanced Identity Cloud and a target application.

Advanced Sync

Create and manage mappings between an identity profile and an application or between applications.