Using the scripted IDP Adapter in AM (7.2)

Hi there,

I have set up a custom IDP Adapter script to do policy-based authorization per SP. It is based on the sample. (IDP adapter plugin :: AM 7.2.2)

However, I need to add an ldapfilter condition to the SAML policy. This fails because the filter condition requires the realmDN to be set, which the sample does not do.

I got it going by changing idpAdapterScriptHelper.getEntitlements to pass an environment, and it works as expected, however…

Passing an environment to getEntitlements requires a Map to be passed (and the value in the Map is a Set), but when I tried to create the Set and Map with
const map = new Map();
const set = new Set();
the script fails with the error ReferenceError: "Map" is not defined
(or Set, if I do that first).

I got it to work by using JavaImporter to import
java.util.HashMap,
java.util.HashSet
and creating the Set and Map using them.

That seems a pretty ugly way to do it, so I was wondering if anyone has tried using the JavaScript Set/Map interfaces in any AM customer scripts.

Hi @Marc.Priebee
It’s not exactly what you want to do but it may help you a little bit to check this blog note: 6 Steps to customise your SAML Flow with ForgeRock as Identity Provider | by Stéphane Orluc | Medium
Best regards.
Steph

Thanks Steph,

I read the blog note. Some interesting stuff in there, but it still uses the example getEntitlements method, so it would not work with an ldapFilter condition in the policy.

Marc