Scripts

Realm Operations

The script resources service is responsible for managing scripts used for client-side and server-side scripted authentication, custom policy conditions, and handling OpenID Connect claims. Scripts are represented in JSON and take the following form. Scripts are built from standard JSON objects and values (strings, numbers, objects, sets, arrays, true, false, and null). Each script has a system-generated universally unique identifier (UUID), which must be used when modifying existing scripts. Renaming a script will not affect the UUID

Resource path:

/scripts

Resource version: 1.1

create

Create a script in a realm. The value for script must be in UTF-8 format and then encoded into Base64.

Usage

am> create Scripts --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "description" : "Script resource endpoint json schema",
  "type" : "object",
  "title" : "Script resource schema",
  "properties" : {
    "_id" : {
      "title" : "Script unique ID",
      "description" : "A unique ID for a script configuration, provided by the server",
      "type" : "string"
    },
    "name" : {
      "title" : "Script name",
      "description" : "The name provided for the script",
      "type" : "string"
    },
    "description" : {
      "title" : "Script description",
      "description" : "An optional text string to help identify the script",
      "type" : "string"
    },
    "script" : {
      "title" : "Script",
      "description" : "The source code of the script. The source code is in UTF-8 format and encoded into Base64",
      "type" : "string"
    },
    "language" : {
      "title" : "Script language",
      "description" : "The language the script is written in - JAVASCRIPT or GROOVY",
      "type" : "string"
    },
    "context" : {
      "title" : "Script type",
      "description" : "The script type. Supported values are: POLICY_CONDITION : Policy Condition  AUTHENTICATION_SERVER_SIDE : Server-side Authentication  AUTHENTICATION_CLIENT_SIDE : Client-side Authentication - Note Client-side scripts must be written in JavaScript OIDC_CLAIMS : OIDC Claims",
      "type" : "string"
    },
    "createdBy" : {
      "title" : "Created by",
      "description" : "A string containing the universal identifier DN of the subject that created the script",
      "type" : "string"
    },
    "creationDate" : {
      "title" : "Creation date",
      "description" : "An integer containing the creation date and time, in ISO 8601 format",
      "type" : "number"
    },
    "lastModifiedBy" : {
      "title" : "Last modifier",
      "description" : "A string containing the universal identifier DN of the subject that most recently updated the script. If the script has not been modified since it was created, this property will have the same value as createdBy",
      "type" : "string"
    },
    "lastModifiedDate" : {
      "title" : "Last modification date",
      "description" : "A string containing the last modified date and time, in ISO 8601 format. If the script has not been modified since it was created, this property will have the same value as creationDate",
      "type" : "number"
    }
  },
  "required" : [ "name", "description", "script", "language", "context" ]
}

delete

Delete an individual script in a realm specified by the UUID parameter

Usage

am> delete Scripts --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

query

List all the scripts in a realm, as well as any global scripts

Usage

am> query Scripts --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all. Fields that can be queried: [*]

read

Read an individual script in a realm by specifying the UUID parameter

Usage

am> read Scripts --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Update an individual script in a realm specified by the UUID parameter

Usage

am> update Scripts --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "description" : "Script resource endpoint json schema",
  "type" : "object",
  "title" : "Script resource schema",
  "properties" : {
    "_id" : {
      "title" : "Script unique ID",
      "description" : "A unique ID for a script configuration, provided by the server",
      "type" : "string"
    },
    "name" : {
      "title" : "Script name",
      "description" : "The name provided for the script",
      "type" : "string"
    },
    "description" : {
      "title" : "Script description",
      "description" : "An optional text string to help identify the script",
      "type" : "string"
    },
    "script" : {
      "title" : "Script",
      "description" : "The source code of the script. The source code is in UTF-8 format and encoded into Base64",
      "type" : "string"
    },
    "language" : {
      "title" : "Script language",
      "description" : "The language the script is written in - JAVASCRIPT or GROOVY",
      "type" : "string"
    },
    "context" : {
      "title" : "Script type",
      "description" : "The script type. Supported values are: POLICY_CONDITION : Policy Condition  AUTHENTICATION_SERVER_SIDE : Server-side Authentication  AUTHENTICATION_CLIENT_SIDE : Client-side Authentication - Note Client-side scripts must be written in JavaScript OIDC_CLAIMS : OIDC Claims",
      "type" : "string"
    },
    "createdBy" : {
      "title" : "Created by",
      "description" : "A string containing the universal identifier DN of the subject that created the script",
      "type" : "string"
    },
    "creationDate" : {
      "title" : "Creation date",
      "description" : "An integer containing the creation date and time, in ISO 8601 format",
      "type" : "number"
    },
    "lastModifiedBy" : {
      "title" : "Last modifier",
      "description" : "A string containing the universal identifier DN of the subject that most recently updated the script. If the script has not been modified since it was created, this property will have the same value as createdBy",
      "type" : "string"
    },
    "lastModifiedDate" : {
      "title" : "Last modification date",
      "description" : "A string containing the last modified date and time, in ISO 8601 format. If the script has not been modified since it was created, this property will have the same value as creationDate",
      "type" : "number"
    }
  },
  "required" : [ "name", "description", "script", "language", "context" ]
}

validate

Validate a script. Include a JSON representation of the script and the script language, JAVASCRIPT or GROOVY, in the POST data. The value for script must be in UTF-8 format and then encoded into Base64

Usage

am> action Scripts --realm Realm --body body --actionName validate

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "description" : "Validate action request schema",
  "type" : "object",
  "title" : "Validate request schema",
  "properties" : {
    "script" : {
      "title" : "Script",
      "description" : "The source code of the script. The source code is in UTF-8 format and encoded into Base64",
      "type" : "string"
    },
    "language" : {
      "title" : "Script language",
      "description" : "The language the script is written in - JAVASCRIPT or GROOVY",
      "type" : "string"
    }
  },
  "required" : [ "script", "language" ]
}