IDM 7.2.2

Authenticate script

Connectors continue to be released outside the IDM release. For the latest documentation, refer to the ICF documentation.

An authenticate script is required if you want to use pass-through authentication to the backend resource. If your connector does not need to authenticate to the resource, the authenticate script should allow the authId to pass through by default.

A sample authenticate script for an SQL database is provided in openidm/samples/scripted-sql-with-mysql/tools/AuthenticateScript.groovy.

Input variables

The following variables are available to the authenticate script:


configuration
A handler to the connector’s configuration object.

options
A handler to the Operation Options.

operation
An OperationType that corresponds to the action (AUTHENTICATE).

objectClass
The object class being used to authenticate, such as __ACCOUNT__ or __GROUP__.

username
A string that provides the username to authenticate.

password
A guarded string that provides the password with which to authenticate.

log
A logger instance for the connector.


The script returns the user unique ID (ICF __UID__). The type of the returned UID must be a string or a Uid. The script must throw an exception in the case of failure.

Authenticate Script
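import org.forgerock.openicf.connectors.groovy.OperationType
import org.forgerock.openicf.connectors.groovy.ScriptedConfiguration
import org.identityconnectors.common.logging.Log
import org.identityconnectors.common.security.GuardedString
import org.identityconnectors.common.security.SecurityUtil
import org.identityconnectors.framework.common.objects.ObjectClass
import org.identityconnectors.framework.common.objects.OperationOptions
import org.identityconnectors.framework.common.objects.Uid

def operation = operation as OperationType
def configuration = configuration as ScriptedConfiguration
def username = username as String
def log = log as Log
def objectClass = objectClass as ObjectClass
def options = options as OperationOptions
def password = password as GuardedString

if (username.equals("TEST")) {  // sample check against a fixed test account
    def clearPassword = SecurityUtil.decrypt(password)  // clear-text copy of the guarded password
    if ("Passw0rd".equals(clearPassword)) {
        return new Uid(username)
    }
}
throw new org.identityconnectors.framework.common.exceptions.InvalidCredentialException("Authentication failed")  // failure must throw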
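The sample above compares a decrypted password String against a fixed value. The following is an added example, not part of the ForgeRock sample or documentation, that honours the same contract (return a Uid, throw on failure) while verifying a salted PBKDF2 hash without creating a String copy of the password. The `accounts` table, the `jdoe` entry, the salt, the sample password and the iteration count are constructed stand-ins for a lookup against your resource.

```groovy
import org.identityconnectors.common.logging.Log
import org.identityconnectors.common.security.GuardedString
import org.identityconnectors.framework.common.exceptions.InvalidCredentialException
import org.identityconnectors.framework.common.objects.ObjectClass
import org.identityconnectors.framework.common.objects.Uid

import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec
import java.security.MessageDigest

def username = username as String
def password = password as GuardedString
def objectClass = objectClass as ObjectClass
def log = log as Log

// PBKDF2-HMAC-SHA256 over a char[]; the key spec's internal copy of the password is wiped afterwards.
def derive = { char[] pw, byte[] saltBytes, int rounds ->
    def spec = new PBEKeySpec(pw, saltBytes, rounds, 256)
    try {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).encoded
    } finally {
        spec.clearPassword()
    }
}

// Constructed stand-in for the resource's credential store (assumption): login -> uid, salt, hash.
def salt = "constructed-salt".getBytes("UTF-8")
def iterations = 600000  // constructed sample work factor
def accounts = [jdoe: [uid: "1001", salt: salt,
                       hash: derive("constructed-sample-pw".toCharArray(), salt, iterations)]]
// Decoy record so an unknown user costs the same work and fails the same way as a wrong password.
def decoy = [uid: null, salt: salt, hash: new byte[32]]

if (objectClass != ObjectClass.ACCOUNT) {
    throw new UnsupportedOperationException("Authentication is only supported for __ACCOUNT__")
}

def record = accounts[username] ?: decoy
boolean matches = false
// access() exposes the clear text as a char[] only inside the callback, so no String copy is made.
password.access({ char[] clear ->
    // MessageDigest.isEqual compares in constant time.
    matches = MessageDigest.isEqual(derive(clear, record.salt, iterations), record.hash)
} as GuardedString.Accessor)

if (matches && record.uid != null) {
    return new Uid(record.uid)
}
log.warn("Authentication failed for {0}", username)  // log the account name only, never the password
throw new InvalidCredentialException("Authentication failed")
```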