Authenticate script
An authenticate script is required if you want to use pass-through authentication to the backend resource. If your connector does not need to authenticate to the resource, the authenticate script should allow the authId
to pass through by default.
A sample authenticate script for an SQL database is provided in openidm/samples/scripted-sql-with-mysql/tools/AuthenticateScript.groovy
.
The following connectors support pass-through authentication using the AuthenticateOp
interface by default:
All Scripted Groovy-based connectors are capable of pass-through authentication if the AuthenticateScript.groovy script is implemented, but the only default implementation is the ScriptedSQL connector.
|
- Input variables
-
The following variables are available to the authenticate script:
- configuration
-
A handler to the connector’s configuration object.
- options
-
A handler to the Operation Options.
- operation
-
An OperationType that corresponds to the action (
AUTHENTICATE
). - objectClass
-
The object class being used to authenticate, such as
__ACCOUNT__
or__GROUP__
. - username
-
A string that provides the username to authenticate.
- password
-
A guarded string that provides the password with which to authenticate.
- log
-
A logger instance for the connector.
- Returns
-
The user unique ID (ICF
__UID__
). Thetype
of the returned UID must be astring
or aUid
. The script must throw an exception in the case of failure.
def operation = operation as OperationType
def configuration = configuration as ScriptedConfiguration
def username = username as String
def log = log as Log
def objectClass = objectClass as ObjectClass
def options = options as OperationOptions
def password = password as GuardedString;
if (username.equals("TEST")) {
def clearPassword = SecurityUtil.decrypt(password)
if ("Passw0rd".equals(clearPassword)) {
return new Uid(username);
}
}