Accessing external data sources via server-side script

Tagged: ,

This topic has 3 replies, 3 voices, and was last updated 6 years, 1 month ago by Peter Major.

  • Author
    Posts
  • #11698
     Gregory Wright
    Participant

    I have a few questions with regards to the server-side scripting capability for policy conditions added in OpenAM 13:

    * Does the HTTP client interface support HTTPS with mutual PKI authentication, for accessing web services that require a client PKI certificate?

    * If so, how does OpenAM choose the client certificate to be used?

    * Is there a way to perform a database query from within a server-side Groovy script, to lookup information that does not reside within the LDAP repository (such as resource metadata)?

    Basically we’re looking at scripting as a way to eliminate the need to build custom Java modules to reach out to a database or web service to pull in additional information about a protected resource while evaluating policy conditions.

    Thank you!

    #11899
     Jamie Bowen
    Moderator

    Hi Gregory,

    The OpenAM team are really busy finishing off a release this week and will get around to answering some questions on the forum next week if no-one else helps in the meantime.

    Jamie

    #12737
     Gregory Wright
    Participant

    @jamiebowen would it be possible to get someone to look at this? Circling back around to this finally, and would love to have an answer.

    #12778
     Peter Major
    Moderator

    Usually client authentication is done by using the private key coming from the configured keystore (javax.net.ssl.keyStore JVM property), if you only have one key in it, then that will be used. If there are multiple keys, then I don’t really know what happens. :)
    Writing the condition in Java is maybe a little bit more work, but it will be more performant in the end and you won’t have to worry about API limitations.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?