Scripts
Realm Operations
The script resources service is responsible for managing scripts used for client-side and server-side scripted authentication, custom policy conditions, and handling OpenID Connect claims. Scripts are represented in JSON and take the following form. Scripts are built from standard JSON objects and values (strings, numbers, objects, sets, arrays, true, false, and null). Each script has a system-generated universally unique identifier (UUID), which must be used when modifying existing scripts. Renaming a script will not affect the UUID
Resource path: /scripts
Resource version: 1.1
create
Create a script in a realm. The value for script must be in UTF-8 format and then encoded into Base64.
Usage:
am> create Scripts --realm Realm --id id --body body
Parameters:
--id
The unique identifier for the resource.
--body
The resource in JSON format, described by the following JSON schema:
{ "description" : "Script resource endpoint json schema", "type" : "object", "title" : "Script resource schema", "properties" : { "_id" : { "title" : "Script unique ID", "description" : "A unique ID for a script configuration, provided by the server", "type" : "string" }, "name" : { "title" : "Script name", "description" : "The name provided for the script", "type" : "string" }, "description" : { "title" : "Script description", "description" : "An optional text string to help identify the script", "type" : "string" }, "script" : { "title" : "Script", "description" : "The source code of the script. The source code is in UTF-8 format and encoded into Base64", "type" : "string" }, "language" : { "title" : "Script language", "description" : "The language the script is written in - JAVASCRIPT or GROOVY", "type" : "string" }, "context" : { "title" : "Script type", "description" : "The script type. Supported values are: POLICY_CONDITION : Policy Condition AUTHENTICATION_SERVER_SIDE : Server-side Authentication AUTHENTICATION_CLIENT_SIDE : Client-side Authentication - Note Client-side scripts must be written in JavaScript OIDC_CLAIMS : OIDC Claims", "type" : "string" }, "createdBy" : { "title" : "Created by", "description" : "A string containing the universal identifier DN of the subject that created the script", "type" : "string" }, "creationDate" : { "title" : "Creation date", "description" : "An integer containing the creation date and time, in ISO 8601 format", "type" : "number" }, "lastModifiedBy" : { "title" : "Last modifier", "description" : "A string containing the universal identifier DN of the subject that most recently updated the script. If the script has not been modified since it was created, this property will have the same value as createdBy", "type" : "string" }, "lastModifiedDate" : { "title" : "Last modification date", "description" : "A string containing the last modified date and time, in ISO 8601 format. If the script has not been modified since it was created, this property will have the same value as creationDate", "type" : "number" } }, "required" : [ "name", "description", "script", "language", "context" ] }
delete
Delete an individual script in a realm specified by the UUID parameter
Usage:
am> delete Scripts --realm Realm --id id
Parameters:
--id
The unique identifier for the resource.
query
List all the scripts in a realm, as well as any global scripts
Usage:
am> query Scripts --realm Realm --filter filter
Parameters:
--filter
A CREST formatted query filter, where "true" will query all. Fields that can be queried: [*]
read
Read an individual script in a realm by specifying the UUID parameter
Usage:
am> read Scripts --realm Realm --id id
Parameters:
--id
The unique identifier for the resource.
update
Update an individual script in a realm specified by the UUID parameter
Usage:
am> update Scripts --realm Realm --id id --body body
Parameters:
--id
The unique identifier for the resource.
--body
The resource in JSON format, described by the following JSON schema:
{ "description" : "Script resource endpoint json schema", "type" : "object", "title" : "Script resource schema", "properties" : { "_id" : { "title" : "Script unique ID", "description" : "A unique ID for a script configuration, provided by the server", "type" : "string" }, "name" : { "title" : "Script name", "description" : "The name provided for the script", "type" : "string" }, "description" : { "title" : "Script description", "description" : "An optional text string to help identify the script", "type" : "string" }, "script" : { "title" : "Script", "description" : "The source code of the script. The source code is in UTF-8 format and encoded into Base64", "type" : "string" }, "language" : { "title" : "Script language", "description" : "The language the script is written in - JAVASCRIPT or GROOVY", "type" : "string" }, "context" : { "title" : "Script type", "description" : "The script type. Supported values are: POLICY_CONDITION : Policy Condition AUTHENTICATION_SERVER_SIDE : Server-side Authentication AUTHENTICATION_CLIENT_SIDE : Client-side Authentication - Note Client-side scripts must be written in JavaScript OIDC_CLAIMS : OIDC Claims", "type" : "string" }, "createdBy" : { "title" : "Created by", "description" : "A string containing the universal identifier DN of the subject that created the script", "type" : "string" }, "creationDate" : { "title" : "Creation date", "description" : "An integer containing the creation date and time, in ISO 8601 format", "type" : "number" }, "lastModifiedBy" : { "title" : "Last modifier", "description" : "A string containing the universal identifier DN of the subject that most recently updated the script. If the script has not been modified since it was created, this property will have the same value as createdBy", "type" : "string" }, "lastModifiedDate" : { "title" : "Last modification date", "description" : "A string containing the last modified date and time, in ISO 8601 format. If the script has not been modified since it was created, this property will have the same value as creationDate", "type" : "number" } }, "required" : [ "name", "description", "script", "language", "context" ] }
validate
Validate a script. Include a JSON representation of the script and the script language, JAVASCRIPT or GROOVY, in the POST data. The value for script must be in UTF-8 format and then encoded into Base64
Usage:
am> action Scripts --realm Realm --body body --actionName validate
Parameters:
--body
The resource in JSON format, described by the following JSON schema:
{ "description" : "Validate action request schema", "type" : "object", "title" : "Validate request schema", "properties" : { "script" : { "title" : "Script", "description" : "The source code of the script. The source code is in UTF-8 format and encoded into Base64", "type" : "string" }, "language" : { "title" : "Script language", "description" : "The language the script is written in - JAVASCRIPT or GROOVY", "type" : "string" } }, "required" : [ "script", "language" ] }