How to read group attributes in OpenAM Scripted Policy Condition

This topic contains 3 replies, has 3 voices, and was last updated by  someswara.reddy.karem 6 months, 1 week ago.

  • #24664
     someswara.reddy.karem 
    Participant

    Dear FR friends,

    Currently we have a requirement to read group attributes (custom) in “OpenAM Scripted Policy Condition”.
    I’m able to read group using the below code:

    // Read isMemberOf from OpenDJ.
    var userGroup = identity.getAttribute("isMemberOf");

    Once I have group information, I need to read custom group attributes (groupScope, groupStatus etc.).
    Is there any SDK to read group attributes, similar to the identity.getAttribute() method?

    Alternatively, I’m thinking of calling the OpenDJ REST API as below. Is this the right approach?

    request.setUri("http://opendjusers:8585/api/groups/" + groupName + "?_fields=groupScope&_prettyPrint=true");
    request.setMethod("GET");
    request.getHeaders().add('Content-Type', 'application/json');
    request.getHeaders().add('Authorization', 'Basic xxxxxxxxxxxxxx');
    request.getHeaders().add('Accept-API-Version', 'resource=1.0');

    However, with this approach I may end up making multiple REST API calls if the user belongs to multiple groups.

    Please guide me if you have come across a similar challenge, and how you addressed it.

    Thanks for your support.

    Regards
    Som

    #24665
     srinath.m 
    Participant

    Hi,
    You can try the OpenAM REST API to get the roles and groups, as below:

    http://openam.example.com:8080/openam/json/users/user.0?_fields=isMemberOf

    Thanks,
    Srinath

    #24700
     Peter Major 
    Moderator

    The scripts don’t have full access to all AM functionality at the moment, so accomplishing what you are trying to do would probably be simpler with good old Java extensions.

    #24718
     someswara.reddy.karem 
    Participant

    Thanks Peter and Srinath.

    We have enabled the OpenDJ REST2LDAP interface, so inside the Policy Condition, I invoke the OpenDJ REST API to get the list of groups. It works fine.

    Thanks.
    Regards
    Som
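
The following is an added example, not code from any poster in this thread or from ForgeRock. It addresses the concern in the first post about one REST call per group by building a single, safely encoded query URL from the isMemberOf values. It assumes the Rest2LDAP mapping exposes the group name as `_id` and allows `_queryFilter` on it; the helper names are hypothetical and the sample DNs are constructed.

```javascript
// Added example; helper names are hypothetical, sample DNs are constructed.
var BASE = "http://opendjusers:8585/api/groups"; // endpoint from the first post

// Value of the leading cn= RDN of a group DN, with LDAP escapes undone
// (backslash + char, or backslash + two hex digits). null if not cn= or malformed.
function groupNameFromDn(dn) {
  var m = /^\s*cn\s*=\s*/i.exec(dn);
  if (!m) return null;
  var out = "";
  for (var i = m[0].length; i < dn.length; i++) {
    var c = dn.charAt(i);
    if (c === "," || c === "+") break;        // unescaped separator ends the value
    if (c !== "\\") { out += c; continue; }
    var hex = dn.substr(i + 1, 2);
    if (/^[0-9a-fA-F]{2}$/.test(hex)) {
      out += String.fromCharCode(parseInt(hex, 16));
      i += 2;
    } else if (i + 1 < dn.length) {
      out += dn.charAt(++i);
    } else {
      return null;                            // dangling backslash
    }
  }
  return out.length ? out : null;
}

// One query URL for every distinct group, instead of one GET per group.
// JSON.stringify produces the quoted, escaped string literal the filter
// needs; encodeURIComponent keeps the filter inside its query parameter.
function buildGroupQueryUrl(memberOfValues, fields) {
  var seen = {}, clauses = [];
  memberOfValues.forEach(function (dn) {
    var name = groupNameFromDn(String(dn));
    if (name === null || seen["$" + name]) return;
    seen["$" + name] = true;
    clauses.push("_id eq " + JSON.stringify(name)); // "_id" is an assumed mapping
  });
  if (clauses.length === 0) return null;      // nothing to look up
  return BASE + "?_queryFilter=" + encodeURIComponent(clauses.join(" or ")) +
    "&_fields=" + encodeURIComponent(fields.join(","));
}

var sampleMemberOf = [                        // constructed isMemberOf values
  "cn=Admins,ou=groups,dc=example,dc=com",
  "cn=Ops\\, EU,ou=groups,dc=example,dc=com",
  "cn=Admins,ou=groups,dc=example,dc=com",
  "uid=jdoe,ou=people,dc=example,dc=com"
];
var sampleUrl = buildGroupQueryUrl(sampleMemberOf, ["groupScope", "groupStatus"]);
```

Because group names are escaped as filter literals and then percent-encoded, a name containing quotes, commas, `&` or `/` cannot alter the filter or the request path.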

©2019 ForgeRock