/*global security, properties, openidm */
/**
* This security context population script is called when the auth module authenticates a user.
*
* global properties - auth module-specific properties from authentication.json for the
* passthrough user auth module
*
* {
* "authnPopulateContextScript" : "auth/populateAsManagedUser.js",
* "propertyMapping" : {
* "groupMembership" : "memberOf",
* "authenticationId" : "sAMAccountName"
* },
* "managedUserLink" : "systemAdAccounts_managedUser",
* "defaultUserRoles" : [
* "openidm-authorized"
* ]
* }
*
* global security - map of security context details as have been determined thus far
*
* {
* "authorization": {
* "id": "jsmith",
* "component": "passthrough",
* "roles": [ "openidm-authorized" ]
* },
* "authenticationId": "jsmith"
* }
*/
// Immediately-invoked script body: looks up the managed/user record whose userName equals
// security.authenticationId, rejects the request with a 401 in the cases below, and returns
// the `security` object to the caller.
// NOTE(review): this listing is incomplete — several statements (the conditions guarding the
// two throws and most of the role-merging expression) are not visible, so only the visible
// lines are described here.
(function () {
// Query managed/user by userName; the third argument requests all fields plus authzRoles.
// SECURITY: security.authenticationId is concatenated directly into the _queryFilter string
// literal. A value containing a double quote or backslash would change the structure of the
// filter, so the lookup could match a different managed/user record than the one that
// authenticated. Escape quotes and backslashes in the value before building the filter, or
// use a predefined parameterized query so the value is always treated as data.
// NOTE(review): no `var` declaration for managedUser is visible in this listing; if it is also
// absent in the real file this assignment creates an implicit global — confirm.
managedUser = openidm.query("managed/user", { '_queryFilter' : '/userName eq "' + security.authenticationId + '"' }, ["*","authzRoles"]);
// Rejects with HTTP 401; the guarding condition and any "message" property are not visible
// here. Presumably this fires when the query does not yield a usable managed/user record —
// confirm against the full file.
throw {
"code" : 401,
};
}
// Rejects with HTTP 401 and an explicit "user inactive" message; the guarding condition is not
// visible. Presumably it checks the account status of the record found above — confirm.
throw {
"code" : 401,
"message" : "Access denied, user inactive"
};
}
// De-duplicates a collection with _.uniq; what is being de-duplicated is not visible in this
// listing (presumably the merged role list — confirm).
// NOTE(review): `_` is not declared in the /*global ... */ header at the top of the file.
_.uniq(
// appending empty string gets the value from java into a format more familiar to JS
})
)
) :
};
// Hand the security context back to the authentication framework.
return security;
}());