How to read group attributes in OpenAM Scripted Policy Condition

This topic has 3 replies, 3 voices, and was last updated 3 years, 6 months ago by someswara.reddy.karem.

  • Author
  • #24664

    Dear FR friends,

    Currently we have requirement to read group attributes (custom) in “OpenAM Scripted Policy Condition”.
    I’m able to read group using the below code:

    //Read isMemberOf from OpenDJ.
    var userGroup = identity.getAttribute(“isMemberOf”);

    Once I have group information, I need to read custom group attributes (groupScope, groupStatus etc.).
    Is there any SDK to read group attributes similar like identity.getAttribute() method??

    Alternately, I’m thinking to call OpenDJ RESTAPI as the below: Is this right approach??

    request.setUri(“http://opendjusers:8585/api/groups/” + groupName + “?_fields=groupScope&_prettyPrint=true”);
    request.getHeaders().add(‘Content-Type’, ‘application/json’);
    request.getHeaders().add(‘Authorization’, ‘Basic xxxxxxxxxxxxxx’);
    request.getHeaders().add(‘Accept-API-Version’, ‘resource=1.0’);

    However with this approach, I may end-up calling multiple REST API calls if user is belongs to multiple groups.

    Please guide me if you come across similar challenge and how did you address it?

    Thanks for your support.



    You can try OpenAM REST API to get the roles and groups as below


     Peter Major

    The scripts don’t have full access to all AM functionality at the moment, so accomplishing what you are trying to do would be probably simpler with good old Java extensions.


    Thanks Peter and Srinath.

    We have enabled OpenDJ REST2LDAP interface, so inside Policy Condition,I invoke OpenDJ REST API to get list of groups. It works fine.


Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?