Scripting lets you extend IDM functionality. For example, you can provide custom logic between source and target mappings, define correlation rules, filters, triggers, and so on. This guide shows you how to use scripts in IDM and provides reference information on the script engine.

Quick Start

Script Configuration

Modify the parameters to compile, debug, and run scripts.

Custom Endpoints

Run arbitrary scripts through the REST URI.

Script Triggers

Learn where and how you can trigger scripts.

Script Variables

Learn about the variables available to scripts.

IDM supports scripts written in JavaScript and Groovy and uses the following libraries:

  • Rhino version 1.7.12 to run JavaScript.


    Rhino has limited support for ES6 / ES2015 (JavaScript version 1.7). For more information, see Rhino ES2015 Support.

  • Groovy version 3.0.4 for Groovy script support.

  • Lodash 3.10.1 and Handlebars 4.7.6 for Rhino scripting.


    Using Handlebars JS in server-side JS scripts requires synchronization; for example:

    var Handlebars = require("lib/handlebars");
    var result = new Packages.org.mozilla.javascript.Synchronizer(function() {
      var template = Handlebars.compile("Handlebars {{doesWhat}}");
      return template({ doesWhat: "rocks!" });
    }, Handlebars)();
  • BouncyCastle 1.67 for signing JWTs.


    The BouncyCastle .JAR file that is bundled with IDM includes the org.bouncycastle.asn1.util.Dump command-line utility. Although this utility is not used directly by IDM, it is possible to reference the utility in your scripts. Due to a security vulnerability in this utility, you should not reference it in your scripts. For more information, see the corresponding BouncyCastle issue.


Script options and locations are defined in conf/script.json. Default scripts are located in (/path/to/openidm/bin/defaults/script/). Do not modify the scripts in this directory. Rather copy the default scripts to a different location, make the changes, and update the referenced scripts in the applicable conf/ file. You can put custom scripts in any of the locations referenced in the sources property in conf/script.json.

ForgeRock Identity Platform™ serves as the basis for our simple and comprehensive Identity and Access Management solution. We help our customers deepen their relationships with their customers, and improve the productivity and connectivity of their employees and partners. For more information about ForgeRock and about the platform, see https://www.forgerock.com.

The ForgeRock Common REST API works across the platform to provide common ways to access web resources and collections of resources.

Read a different version of :