passthroughAuthnPopulateContext.js revision 0c3f79f75f596c8d6700b2de830000f754bb28a9
/*global security, properties, openidm */
/**
* This context population script is called after the passthrough auth module has
* successfully authenticated a user
*
* global properties - auth module-specific properties from authentication.json for the
* passthrough user auth module
*
* {
* "authnPopulateContextScript" : "auth/passthroughAuthnPopulateContext.js",
* "propertyMapping" : {
* "userRoles" : "roles"
* },
* "defaultUserRoles" : [ ]
* }
*
* global security - map of security context details as have been determined thus far
*
* {
* "authorizationId": {
* "id": "jsmith",
* "component": "passthrough",
* "roles": [ "openidm-authorized" ]
* },
* "authenticationId": "jsmith",
* }
*/
// NOTE(review): this listing appears to be missing lines. The conditions that guard
// each `throw`, the start of the query that uses "links-for-firstId", and the
// definitions of `resource` and `userIdPropertyName` are not visible here. The
// comments below describe only what the visible lines show.
var userDetail,
i,
role,
// This is needed to switch the context of a pass-through authenticated user from their original security context
// to a context that is based on the related managed/user account. This is helpful for UI interaction.
// NOTE(review): security.authenticationId is concatenated into the _queryFilter string
// between double quotes, with no escaping or validation visible in this listing. If the
// id can contain a double quote or backslash, the filter that gets evaluated is no longer
// the one intended, and this lookup decides which account's context the session receives.
// Escape those characters or validate the id against an allow-list before building the filter.
userDetail = openidm.query(resource, { '_queryFilter' : userIdPropertyName + ' eq "' + security.authenticationId + '"' });
// Fails closed with a 401 when the lookup yields no user detail (guarding condition not visible).
throw {
"code" : 401,
"message" : "Access denied, no user detail could be retrieved"
};
}
// Fails closed with a 401 when the lookup is ambiguous; presumably more than one record
// matched the filter -- condition not visible, confirm against the full file.
throw {
"code" : 401,
"message" : "Access denied, user detail retrieved ambiguous"
};
}
// Fragment of a second query using the named query "links-for-firstId"; its target
// resource and remaining parameters are not visible here.
"_queryId": "links-for-firstId",
});
// NOTE(review): this 401 has no "message" property in the visible lines; the line may
// have been dropped from the listing. Confirm against the full file.
throw {
"code" : 401,
};
}
// Rejects the request with a 401 for an inactive user, per the message; the status
// check itself is not visible here.
throw {
"code" : 401,
"message" : "Access denied, user inactive"
};
}
};
}