Using the scripted identityRepository to retrieve a user's profile where the username contains the value which is present in an alias

Hi,

I am developing an authentication tree and to be able to test it I introduced a scripted node which should take care of setting a fixed username and also use this username to retrieve the UID (integration tests create users with the same username but always different values for UID). This UID is used in nodes later on, so it is mandatory for it to be present and placed in shared state (in the end a custom node will replace this scripted node).

So as the scripted node has the idRepository.getAttribute(username, 'uid') method available, it seems like an easy task to accomplish; however, in our case the username is stored in another attribute than what AM searches for by default. Here comes the problem: it is not possible to set the userSearchAttributes, or at least I have not found a way to do so.

My question is, is it possible to use the scripted IdentityRepository to find a user's profile by searching for an alias, and if so, how to accomplish this?

Br,

Sarris

It won’t help you much here, but I’ll add my note that I’ve also had cases where this would be helpful and I was not able to find any mechanism for doing it. The limitation is that the identity store configuration only allows you to specify a single attribute for user search, which is frustrating because the User Profile search allows you to configure aliases.
Looking at (albeit old) code for the AMIdentityRepository it certainly does seem as though the ScriptIdentityRepository class could be extended to support alias-based searching. Seems like a really good RFE to me, but I certainly haven’t thought through the implications of such a change.

The Identify Existing User should be able to do this.

Something like this should work. This would put _id in the shared state based on the alias specified.

3 Likes

Great call @anishetty! This would work as long as you have AM deployed as part of the Identity Platform.

1 Like

As @mwtech mentions, the Identify Existing User is only available for a platform deployment, and that includes the ForgeRock Identity Cloud.
If the deployment is not a platform, in that case you could investigate using the Marketplace node LDAP Query Node (ForgeRock Marketplace) to search the user’s id with the alias, and inject it into shared state.
Note that such a solution is not portable to ForgeRock Identity Cloud, where the correct way is to use the method mentioned by @anishetty above.

Regards
Patrick

1 Like