[OPENAM-16563] Script evaluation logs invalid warning - ForgeRock JIRA

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: debug logging, scripting
Labels:
- FRAAS

Description

We're seeing some false-positive script evaluator warnings logged by AM in PaaS environments:

"Classname failed to match whitelist: 'org.forgerock.openam.auth.nodes.objAttrs'" 
"Classname failed to match whitelist: 'org.forgerock.guice.core.objAttrs'"

This occurs when evaluating the adminonboardingvalidate.javascript script:

var fr = new JavaImporter(
  org.forgerock.openam.auth.nodes,
  org.forgerock.guice.core
);

with (fr) {
  try {

    var realm = sharedState.get('realm');
    var username = sharedState.get('username');
    var identityProvider = InjectorHolder.getInstance(IdentityProvider);
    var identity = identityProvider.getIdentity(username, realm);
    var attrs = identity.getAttributes();
    
    if (!attrs.containsKey('fr-idm-inviteDate')) {
      throw new Error('Admin has no invite date');
    }

    if (attrs.containsKey('fr-idm-onboardDate')) {
      throw new Error('Admin has already been onboarded');
    }
    
    var objAttrs = { userName: username, mail: username };
    sharedState.put('objectAttributes', objAttrs);

    logger.message('AdminOnboarding: Validated admin during onboarding');
    outcome = 'true';

  } catch (e) {

    logger.error('AdminOnboarding: Failed to validate admin during onboarding');
    logger.error(e);
    outcome = 'false';

  }
}

Attachments

Activity

People

Assignee:

Unassigned

Reporter:

Craig McDonnell

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

28/Jul/20 4:29 PM

Updated:

29/Jul/20 10:58 AM