The Scripting Environment

AM supports scripts written in JavaScript.

How to determine the JavaScript Engine Version

You can use a script to check the version of the JavaScript engine AM is using. You could temporarily add the following script to a Scripted Decision node, for example, to output the engine version to the debug log:

var rhino = JavaImporter(
  org.mozilla.javascript.Context
)

var currentContext = rhino.Context.getCurrentContext()
var rhinoVersion = currentContext.getImplementationVersion()

logger.error("JS Script Engine: " + rhinoVersion)

outcome = "true"

Ensure the following are listed in the Java class whitelist property of the scripting engine.

  • org.mozilla.javascript.Context

  • org.forgerock.openam.scripting.timeouts.*

To view the Java class whitelist, go to Configure > Global Services > Scripting > Secondary Configurations. Select the script type, and on the Secondary Configurations tab, click engneConfiguration.

AM uses the Mozilla Rhino JavaScript engine.

To access the functionality AM provides, import the required Java class or package, as follows:

var fr = JavaImporter(
    org.forgerock.openam.auth.node.api,
    javax.security.auth.callback.NameCallback
);
with (fr) {
    ...
}

You can use scripts to modify default AM behavior in the following situations, also known as contexts:

Client-side Authentication

Scripts that are executed on the client during authentication.

Authentication Trees

Scripts are included in an authentication node within a tree and are executed on the server during authentication.

AM implements a configurable scripting engine for each of the context types that are executed on the server.

The scripting engines in AM have two main components: security settings, and the thread pool.

The scripting engines contain configuration for security settings and thread pool management.