amAuthScripted.xml revision b22c2a29f35c5c8bf679b6904dca1d502328d86a
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc * The contents of this file are subject to the terms of the Common Development and
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc * Distribution License (the License). You may not use this file except in compliance with the
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc * License.
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc * specific language governing permission and limitations under the License.
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc * When distributing Covered Software, include this CDDL Header Notice in each file and include
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc * Header, with the fields enclosed by brackets [] replaced by your own identifying
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc * information: "Portions copyright [year] [name of copyright owner]".
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc * Copyright 2014-2015 ForgeRock AS.
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc<!DOCTYPE ServicesConfiguration PUBLIC "=//iPlanet//Service Management Services (SMS) 1.0 DTD//EN" "jar://com/sun/identity/sm/sms.dtd">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc<ServicesConfiguration>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <Service name="iPlanetAMAuthScriptedService" version="1.0">
d62bc4badc1c1f1549c961cfb8b420e650e1272byz serviceHierarchy="/DSAMEConfig/authentication/iPlanetAMAuthScriptedService"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc i18nFileName="amAuthScripted"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc revisionNumber="1"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc i18nKey="iplanet-am-auth-scripted-service-description"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="scripted">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-server-timeout"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="serverScriptTimeout">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
f595a68a3b8953a12aa778c2abd7642df8da8c3ayz </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-core-threads"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="threadPoolSize">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-max-threads"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="maximumThreadPoolSize">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
a399b7655a1d835aa8606c2b29e4e777baac8635zf <AttributeSchema name="iplanet-am-auth-scripted-queue-size"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="threadPoolQueueSize">
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-idle-timeout"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="threadIdleTimeout">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-white-list"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="javaClassWhitelist">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <Value>org.forgerock.openam.authentication.modules.scripted.*</Value>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <Value>org.forgerock.openam.authentication.modules.scripted.http.*</Value>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-black-list"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="javaClassBlackList">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-use-security-manager"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="useSecurityManager">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <BooleanValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </BooleanValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <Organization>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc type="validator"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc syntax="string">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <Value>org.forgerock.openam.authentication.modules.scripted.ScriptValidator</Value>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <Value>com.sun.identity.sm.RequiredValueValidator</Value>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-client-script-enabled"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc type="single"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc syntax="boolean"
d62bc4badc1c1f1549c961cfb8b420e650e1272byz i18nKey="a101"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="clientScriptEnabled">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <BooleanValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </BooleanValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-client-script"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc type="single"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc syntax="script"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc validator="no"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc i18nKey="a102"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="clientScript">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-script-type"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc type="single_choice"
a399b7655a1d835aa8606c2b29e4e777baac8635zf syntax="string"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc i18nKey="a103"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="serverScriptType">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <ChoiceValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </ChoiceValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-server-script"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc type="single"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc syntax="script"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc validator="ScriptValidator"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc i18nKey="a104"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="serverScript">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc var START_TIME = 9; // 9am
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc var END_TIME = 17; // 5pm
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc logger.message("Starting authentication javascript");
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc logger.message("User: " + username);
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc // Log out current cookies in the request
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc var cookies = requestData.getHeaders('Cookie');
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc for (cookie in cookies) {
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc logger.message('Cookie: ' + cookies[cookie]);
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc if (username) {
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc // Fetch user information via REST
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc var response = httpClient.get("http://localhost:8080/openam/json/users/" + username, {
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc cookies : [],
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc headers : []
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy // Log out response from REST call
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc logger.message("User REST Call. Status: " + response.getStatusCode() + ", Body: " + response.getEntity());
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc var now = new Date();
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc if (now.getHours() < START_TIME || now.getHours() > END_TIME) {
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc logger.error("Login forbidden outside work hours!");
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc authState = FAILED;
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc logger.message("Authentication allowed!");
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc authState = SUCCESS;
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-auth-level"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc type="single"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc syntax="number_range" rangeStart="0" rangeEnd="2147483647"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc i18nKey="a500"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="authenticationLevel">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc type="validator"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc syntax="string">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <Value>org.forgerock.openam.authentication.modules.scripted.ScriptValidator</Value>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <Value>com.sun.identity.sm.RequiredValueValidator</Value>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-client-script-enabled"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc type="single"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc syntax="boolean"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc i18nKey="a101"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="clientScriptEnabled">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <BooleanValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </BooleanValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-client-script"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc type="single"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc syntax="script"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc validator="no"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc i18nKey="a102"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="clientScript">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-script-type"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc type="single_choice"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc syntax="string"
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy i18nKey="a103"
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy resourceName="serverScriptType">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <ChoiceValues>
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy <ChoiceValue i18nKey="choice1">JavaScript</ChoiceValue>
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy <ChoiceValue i18nKey="choice2">Groovy</ChoiceValue>
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy </ChoiceValues>
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy <AttributeSchema name="iplanet-am-auth-scripted-server-script"
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy type="single"
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy syntax="script"
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy validator="ScriptValidator"
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy i18nKey="a104"
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy resourceName="serverScript">
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy <DefaultValues>
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy var START_TIME = 9; // 9am
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy var END_TIME = 17; // 5pm
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy logger.message("Starting authentication javascript");
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy logger.message("User: " + username);
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy // Log out current cookies in the request
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy var cookies = requestData.getHeaders('Cookie');
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy for (cookie in cookies) {
eae72b5b807baa9116e64502cbb278edf15f3146Sebastien Roy logger.message('Cookie: ' + cookies[cookie]);
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc if (username) {
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc // Fetch user information via REST
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc var response = httpClient.get("http://localhost:8080/openam/json/users/" + username, {
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc cookies : [],
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc headers : []
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc // Log out response from REST call
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc logger.message("User REST Call. Status: " + response.getStatusCode() + ", Body: " + response.getEntity());
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc var now = new Date();
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc if (now.getHours() < START_TIME || now.getHours() > END_TIME) {
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc logger.error("Login forbidden outside work hours!");
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc authState = FAILED;
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc logger.message("Authentication allowed!");
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc authState = SUCCESS;
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <AttributeSchema name="iplanet-am-auth-scripted-auth-level"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc type="single"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc syntax="number_range" rangeStart="0" rangeEnd="2147483647"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc i18nKey="a500"
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc resourceName="authenticationLevel">
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc <DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </DefaultValues>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </AttributeSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </SubSchema>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </Organization>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc </Service>
0ba2cbe97e0678a691742f98d2532caed0a2c4aaxc</ServicesConfiguration>