Groovy scripts provide advanced rule logic that extends PingAccess rule development beyond the capabilities of the packaged rules. For more information, see Groovy documentation. Groovy scripts have access to important PingAccess runtime objects, such as the Exchange and PolicyContext objects, which the scripts can interrogate and modify.

Groovy script rules are invoked during the request processing phase of an exchange, allowing the script to modify the request before it is sent to the server. Groovy script rules are also invoked during the response, allowing the script to modify the response before it is returned to the client. The diagram below highlights the flow of rule processing.

Policy application flowchart. Requests invoke the OAuth scope rule, OAuth Groovy rule, and Groovy rule. Responses only invoke the two Groovy rules.

Processing steps

  1. During request processing, rules associated with the application are evaluated.
  2. The request passes through each of the rules before PingAccess allows it to proceed.
  3. The response passes through the rules in a manner based on your deployment:
    1. In a proxy deployment, the response from the site passes through each of the rules.
    2. In an agent deployment, the response to the agent indicating the policy approval or denial passes through each of the rules.