How to Validate Password using Next Gen Script

Troubleshooting
, , , , ,
1

Hi,
In Identity cloud journey scripted decision node, I am trying to validate the password using next gen script openidm.action endpoint but while the execution of script I’m getting the following error-

“message”: “***passwordvalidation: Unable to call IDM Policy Endpoint. Exception: JavaException: java.util.concurrent.ExecutionException: org.forgerock.openam.scripting.wrappers.HttpClientScriptException”

I’m guessing the error is in the syntax for data that is pasing in the line-

openidm.action("policy/managed/alpha_user", "validateProperty", {
                "object": {},
                "properties": {
                  "password":newPassword
                } 
    });

I tried looking for the syntax for “validateProperty” but coudn’t find in any of the IDcloud docs. So please help me to identify the root cause of error or maybe the correct syntax.
Here is the script I’m using-


/**
* Full Configuration 
*/

var config = {
managedUser: "/alpha_user",
nodeName: "***passwordvalidation"
};

/**
* Node outcomes
*/

var NodeOutcome = {
PASS: "success",
ERROR: "error",
  FAIL: "fail"
};

/**
* Log an HTTP response
* 
* @param {Response} HTTP response object
*/

function logResponse(response) 
{
logger.info(config.nodeName + ": Scripted Node HTTP Response: " + response.getStatus() + ", Body: " + response.getEntity().getString());
}

/**
** The main function
*/
function passwordvalidation(newPassword) {

var response;

logger.info(config.nodeName + ": Attempting to connect passwordvalidation: " + " connected.");


try {
    
    var request = openidm.action("policy/managed/alpha_user", "validateProperty", {
                "object": {},
                "properties": {
                  "password":newPassword
                } 
    });
    
    response = httpClient.send(request).get();
}

catch (e) {
    logger.error(config.nodeName + ": Unable to call IDM Policy Endpoint. Exception: " + e);
    nodeState.putShared("errorMessage","Unable to call IDM Policy Endpoint. Exception");
    return NodeOutcome.ERROR;
}
logResponse(response);

if (response.status === 200) {  
    var systemResponse = response.statusText;
      if(systemResponse.result){
       logger.info(config.nodeName + ": user password validation is success");
       nodeState.get("objectAttributes").putShared("password", newPassword);

       return NodeOutcome.PASS;
    } else {
           logger.info(config.nodeName + ": user password validation failed " + systemResponse.failedPolicyRequirements );
	  
		nodeState.putShared("errorMessage","The new password does not match the password policy");
      
       return NodeOutcome.ERROR;  
    }
}
}



/**
* Node entry point
*/

logger.info(config.nodeName + ": node executing");


var newPassword;


if (!(newPassword = nodeState.get("newPassword"))) {
logger.error(config.nodeName + ": Unable to retrieve password from transientState");
nodeState.putShared("errorMessage","Unable to retrieve password from transientState");
outcome = NodeOutcome.FAIL;
} else {
outcome = passwordvalidation(newPassword);
}
2

Hi @anurag_tvh,

openidm.action does not return a request, but actually PERFORMS the call to IDM and returns the response. Your script then attempts to send the response as a request with the http client handler - so why the error… furthermore, in this code sample, the http client handler does not have any URL to go, or any authentication scheme to use. The openidm object allows to interact directly with IDM, freeing you from using the http client handler, it obtains (and caches) the OAuth2 token and passes it to IDM REST calls… in other words it offers the same experience as when developing an IDM script.

Regards
Patrick

1 Like
3

Hi anurag_tvh,

We’re working to enhance the community experience. If you found the information helpful in addressing your inquiry, please click the checkbox below the reply to mark the issue as Solved.

We highly encourage our members to use this feature, as it helps those seeking assistance and those looking for previously provided solutions.

Thank you very much!

Sheila