populateAsManagedUser.js revision 21dcdac963f79c098a5ea1a2c5c5e109429c9786
/*global security, properties, openidm */
/**
* This security context population script is called when the auth module authenticates a
*
* global properties - auth module-specific properties from authentication.json for the
* passthrough user auth module
*
* {
* "authnPopulateContextScript" : "auth/populateAsManagedUser.js",
* "propertyMapping" : {
* "groupMembership" : "memberOf"
* "authenticationId" : "sAMAccountName"
* },
* "managedUserLink" : "systemAdAccounts_managedUser",
* "defaultUserRoles" : [
* "openidm-authorized"
* ]
* }
*
* global security - map of security context details as have been determined thus far
*
* {
* "authorization": {
* "id": "jsmith",
* "component": "passthrough",
* "roles": [ "openidm-authorized" ]
* },
* "authenticationId": "jsmith",
* }
*/
(function () {
// This is needed to switch the context of an authenticated user from their original security context
// to a context that is based on the related managed/user account. This is helpful for UI interaction.
userDetail = openidm.query(resource, { '_queryFilter' : userIdPropertyName + ' eq "' + security.authenticationId + '"' });
throw {
"code" : 401,
"message" : "Access denied, no user detail could be retrieved"
};
}
throw {
"code" : 401,
"message" : "Access denied, user detail retrieved ambiguous"
};
}
"_queryId": "links-for-firstId",
});
throw {
"code" : 401,
};
}
if (managedUser === null) {
throw {
"code" : 401,
};
}
throw {
"code" : 401,
"message" : "Access denied, user inactive"
};
}
};
}
return security;
}());