Mutual TLS in user journeys

I was trying to make an HTTPS call to an external entity as part of a scripted decision node in Identity cloud. The HTTPS call uses mutual TLS.

Since ForgeRock journeys use the Rhino engine, the usual JS ways to make an HTTPS call, such as window.fetch or XMLHttpRequest, don’t work. Instead we’ll have to use the Java object HttpClient. However, in Java it seems that mutual TLS is handled by storing the certs to be sent in a keystore, and I’m not sure if we could use that in scripted decision nodes of Identity Cloud.

I couldn’t find a way to achieve Mutual TLS in Rhino. Has anyone done it, or has any idea on how it can be done?

1 Like

Hi Anishetty,

No, unfortunately, MTLS is not supported in ForgeRock Identity Cloud. However, there is another way: through the RCS and the Groovy Scripted Rest’s Script On Resource operation. You’ll find the basics in this community article: https://community.forgerock.com/t/using-the-remote-connector-server-to-access-on-premises-apis-from-identity-cloud

This requires:

  • Implementing a Scripted REST connector with a dummy Schema script + Customiser script (can use the default from the samples) + the Script on Resource operation script. The Groovy script then has all the flexibility to make MTLS calls, as the RCS resides on premises.
  • From a Journey, invoke IDM’s System endpoint to invoke the operation.

Regards
Patrick

4 Likes
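An added example (not from this thread and not one of ForgeRock's sample scripts) of the kind of mutual TLS call the on-premises Groovy Script On Resource script can make: the client certificate and the partner's CA are loaded from keystores on the RCS host and handed to the JDK's HttpClient. The keystore paths and passwords are placeholders, the `scriptArguments` binding carrying the target URL is assumed to be provided by the connector framework, and Java 11+ is assumed for `java.net.http`.

```groovy
import java.net.http.HttpClient
import java.net.http.HttpRequest
import java.net.http.HttpResponse
import java.security.KeyStore
import javax.net.ssl.KeyManagerFactory
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManagerFactory

// Build an SSLContext that presents our client certificate (PKCS12 keystore on
// the RCS host) and trusts only the peer's CA (separate truststore), so the RCS
// side does the mTLS handshake that Identity Cloud's Rhino scripts cannot.
// Paths/passwords are placeholders: read them from the connector configuration
// rather than hard-coding them in the script.
SSLContext buildMutualTlsContext(String keystorePath, char[] keystorePassword,
                                 String truststorePath, char[] truststorePassword) {
    KeyStore keyStore = KeyStore.getInstance('PKCS12')
    new File(keystorePath).withInputStream { keyStore.load(it, keystorePassword) }
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(keyStore, keystorePassword)

    KeyStore trustStore = KeyStore.getInstance('PKCS12')
    new File(truststorePath).withInputStream { trustStore.load(it, truststorePassword) }
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(trustStore)

    SSLContext ctx = SSLContext.getInstance('TLSv1.3')
    ctx.init(kmf.keyManagers, tmf.trustManagers, null)
    return ctx
}

// Perform the GET over mutual TLS; the map is what the journey receives back
// through IDM's System endpoint (return shape is an assumption of this example).
Map callWithMutualTls(SSLContext ctx, String url) {
    HttpClient client = HttpClient.newBuilder().sslContext(ctx).build()
    HttpRequest request = HttpRequest.newBuilder(URI.create(url)).GET().build()
    HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString())
    return [status: response.statusCode(), body: response.body()]
}

// Script On Resource entry point: 'scriptArguments' (assumed binding) carries the
// target URL passed in by the journey. Placeholder keystore locations below.
def args = scriptArguments ?: [:]
SSLContext ctx = buildMutualTlsContext('/opt/rcs/client.p12', 'CHANGE_ME'.toCharArray(),
                                       '/opt/rcs/partner-ca.p12', 'CHANGE_ME'.toCharArray())
return callWithMutualTls(ctx, args.url as String)
```

Because the private key never leaves the RCS host, the journey only sees the response map, which is the point of routing the mTLS call through the connector rather than the scripted decision node.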