Groovy scripts provide advanced rule logic that extends PingAccess rule development beyond the capabilities of the packaged rules. For more information, see Groovy documentation. Groovy scripts have access to important PingAccess runtime objects, such as the Exchange and PolicyContext objects, which the scripts can interrogate and modify. Groovy script rules are invoked during the request processing phase of an exchange, allowing the script to modify the request before it is sent to the server. Groovy script rules are also invoked during the response, allowing the script to modify the response before it is returned to the client. The diagram below highlights the flow of rule processing.

A flowchart of the application of a policy. An incoming request passes through the OAuth scope rule, then OAuth groovy rule, and finally the groovy rule. A response passes through the OAuth groovy rule, and then the groovy rule.

Processing steps

  1. During request processing, rules associated with the application are evaluated.
  2. The request passes through each of the rules before PingAccess allows it to proceed.
  3. The response passes through the rules in a manner based on your deployment:
    1. In a proxy deployment, the response from the site passes through each of the rules.
    2. In an agent deployment, the response to the agent indicating the policy approval or denial passes through each of the rules.