Tagged: #OpenAM, #openDJ, Scripted Policy Condition
This topic has 3 replies, 3 voices, and was last updated 3 years, 6 months ago by someswara.reddy.karem.
February 1, 2019 at 12:15 pm #24664
someswara.reddy.karem
Participant
Dear FR friends,
Currently we have a requirement to read group attributes (custom) in “OpenAM Scripted Policy Condition”.
I’m able to read the group using the code below:

//Read isMemberOf from OpenDJ.
var userGroup = identity.getAttribute("isMemberOf");

Once I have the group information, I need to read custom group attributes (groupScope, groupStatus etc.).
Is there any SDK to read group attributes, similar to the identity.getAttribute() method?
Alternatively, I’m thinking of calling the OpenDJ REST API as below. Is this the right approach?

request.setUri("http://opendjusers:8585/api/groups/" + groupName + "?_fields=groupScope&_prettyPrint=true");
request.setMethod("GET");
request.getHeaders().add('Content-Type', 'application/json');
request.getHeaders().add('Authorization', 'Basic xxxxxxxxxxxxxx');
request.getHeaders().add('Accept-API-Version', 'resource=1.0');

However, with this approach I may end up making multiple REST API calls if the user belongs to multiple groups.
Please guide me if you have come across a similar challenge, and how you addressed it.
Thanks for your support.
Regards
Som
February 1, 2019 at 12:51 pm #24665
srinath.m
Participant
Hi,
You can try the OpenAM REST API to get the roles and groups as below:
http://openam.example.com:8080/openam/json/users/user.0?_fields=isMemberOf
Thanks,
Srinath
February 6, 2019 at 10:45 am #24700
Peter Major
Moderator
The scripts don’t have full access to all AM functionality at the moment, so accomplishing what you are trying to do would probably be simpler with good old Java extensions.
February 7, 2019 at 12:10 pm #24718someswara.reddy.karem
Participant
Thanks Peter and Srinath.
We have enabled the OpenDJ REST2LDAP interface, so inside the Policy Condition, I invoke the OpenDJ REST API to get the list of groups. It works fine.
Thanks.
Regards
Som
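Added example (not part of any post in this thread, and not ForgeRock code): one way to handle the multiple-calls concern from the first post with the REST2LDAP approach from the last one is a single query for all of the user's groups, with each group name taken from its isMemberOf DN and escaped before it reaches the URL. It assumes the REST2LDAP mapping uses the group's cn as _id and accepts _queryFilter on /api/groups; firstRdnValue and buildGroupQueryUrl are hypothetical helper names.

```javascript
// Added example with constructed inputs; ES5 syntax only.
// Assumption: REST2LDAP exposes groups at /api/groups with the group cn as _id.

// Value of the first RDN of a DN, with RFC 4514 escapes (\, and \C3\A9) decoded.
function firstRdnValue(dn) {
  var m = /^[^=,+]+=((?:\\[0-9a-fA-F]{2}|\\.|[^\\,+])*)(?:[,+]|$)/.exec(dn);
  if (!m) { throw new Error("not a DN: " + dn); }
  // Percent-encode literal text, map \XX to %XX, then decode the lot as UTF-8.
  var enc = m[1].replace(/\\([0-9a-fA-F]{2})|\\(.)|([^\\]+)/g,
    function (all, hex, ch, lit) {
      return hex ? "%" + hex : encodeURIComponent(ch || lit);
    });
  return decodeURIComponent(enc);
}

// One query for every group instead of one GET per group.
function buildGroupQueryUrl(baseUrl, memberOfDns, fields) {
  var clauses = [];
  for (var i = 0; i < memberOfDns.length; i++) {
    // JSON.stringify gives a double-quoted literal with " and \ escaped,
    // so a group name cannot close the string and extend the filter.
    clauses.push("_id eq " + JSON.stringify(firstRdnValue(memberOfDns[i])));
  }
  if (clauses.length === 0) { return null; }   // no groups: nothing to fetch
  return baseUrl +
    "?_queryFilter=" + encodeURIComponent(clauses.join(" or ")) +
    "&_fields=" + encodeURIComponent(fields.join(","));
}

// Constructed sample values, shaped like isMemberOf output.
var SAMPLE_GROUPS = [
  "cn=Admins,ou=groups,dc=example,dc=com",
  "cn=Ops\\, EU,ou=groups,dc=example,dc=com"
];
var SAMPLE_URL = buildGroupQueryUrl("http://opendjusers:8585/api/groups",
  SAMPLE_GROUPS, ["groupScope", "groupStatus"]);
```

In the script from the first post, the returned string would be passed to request.setUri(...) in place of the per-group URL.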