Best way to search DS from AM not using username

Hello,

Our team has an AM and DS setup with no IDM. We have configured our DS in a way where username is not the primary key for an identity. For most of our scripts using idRepository.getAttributes() works fine except that sometimes we need to retrieve information from the DS that is not based on username.

What is the common practice for someone to retrieve that information through a script? We could use IdUtils.getIdentity() from Groovy but we would prefer to have everything in JavaScript. Is our only other option calling the DS using REST?

Thanks

Hi @dfiguero,

It depends on your deployment architecture and whether the search attribute is shared with (or sync’ed from) IDM.
In a self-managed environment, there is no limitation: you can use a marketplace node such as the LDAP Query node, or enable the HTTP connector in DS and use a scripted decision node. Bear in mind that this solution is not portable to Ping Advanced Identity Cloud.
If the deployment is in Ping Advanced Identity Cloud, or is a self-managed Platform deployment, and the search attribute is in the user profile, then you can search directly at IDM. The latest Ping Advanced Identity Cloud and AM 7.5 support scripting next generation, which introduces the openidm object, same interface as the old fellow in IDM scripting.

Kind regards
Patrick

2 Likes
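An added example, not part of the thread and not Ping's code, for the DS HTTP connector option mentioned above: it builds a `_queryFilter` search URL for a non-username attribute with the value escaped so it cannot alter the filter, and it returns an entry only when exactly one matches. The base URL, the attribute allowlist and the sample responses are assumptions constructed for illustration.

```javascript
// Hypothetical allowlist: only these attributes may be used as search keys.
const SEARCHABLE = new Set(["mail", "employeeNumber"]);

// Quote a value as a _queryFilter string literal: reject control characters,
// then backslash-escape backslashes and double quotes.
function quoteFilterValue(value) {
  if (typeof value !== "string" || value.length === 0) {
    throw new Error("search value must be a non-empty string");
  }
  if (/[\u0000-\u001f]/.test(value)) {
    throw new Error("control characters are not allowed in a search value");
  }
  return '"' + value.replace(/[\\"]/g, "\\$&") + '"';
}

// Build the query URL. baseUrl is an assumed placeholder for the DS REST
// resource that exposes user entries in your deployment.
function buildSearchUrl(baseUrl, attribute, value) {
  if (!SEARCHABLE.has(attribute)) {
    throw new Error("attribute is not searchable: " + attribute);
  }
  const filter = attribute + " eq " + quoteFilterValue(value);
  // _pageSize=2 is enough to tell "exactly one" apart from "more than one".
  return baseUrl +
    "?_queryFilter=" + encodeURIComponent(filter) +
    "&_fields=" + encodeURIComponent("_id," + attribute) +
    "&_pageSize=2";
}

// Interpret the query response body. Fail closed: zero matches, several
// matches or a malformed body all yield null, never a "first hit".
function pickSingleEntry(body) {
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch (e) {
    return null;
  }
  const result = parsed && Array.isArray(parsed.result) ? parsed.result : [];
  return result.length === 1 ? result[0] : null;
}

// Constructed sample responses (not captured from a real server).
const ONE_MATCH = '{"result":[{"_id":"u1","mail":"a@example.com"}],"resultCount":1}';
const TWO_MATCHES = '{"result":[{"_id":"u1"},{"_id":"u2"}],"resultCount":2}';
```

In a scripted decision node, an outcome of `null` from `pickSingleEntry` should lead to the failure branch, because an attribute that is not the primary key may match more than one identity.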

Thank you @patrick_diligent for the suggestions.

Unfortunately, I don’t have Ping IDM in my environment. I was hoping to use something simpler than the LDAP Query node (but thank you for pointing me to this resource) or the REST calls.

What I ended up doing is importing the IdUtils object in my JS script to perform the search.

Cheers,

Diego

1 Like