Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16789

Provided AM "Scripted Policy Condition" script doesn't work with google API anymore


    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s:, 7.0.0
    • Fix Version/s: None
    • Component/s: scripting
    • Labels:


      The provided example of a "Scripted Policy Decision" in AM details a step to check whether a user's country from a requested IP address matches the country from the users address. In order to do this the Script in AM - "Scripted Policy Condition" does two things:

      1. Get's Country from IP Address - this works fine
      2. Get's Country from Address using Google API - This does not work

      It looks like Google requires an API Key to make this call i.e.

      function getCountryFromUserAddress() {function getCountryFromUserAddress() {
      var request = new org.forgerock.http.protocol.Request();    request.setUri("http://maps.googleapis.com/maps/api/geocode/json?address=" + encodeURIComponent(userAddress));  request.setMethod("GET");
          var response = httpClient.send(request).get();    logResponse(response);
          var geocode = JSON.parse(response.getEntity());    var i;    for (i = 0; i < geocode.results.length; i+) {        var result = geocode.results[i];        var j;        for (j = 0; j < result.address_components.length; i+) {            if (result.address_components[i].types[0] == "country")

      {                return result.address_components[i].long_name;            }

              }    }}


      The response from this API call is:


      User REST Call. Status: [Status: 200 OK], Body:

      { "error_message" : "You must use an API key to authenticate each request to Google Maps Platform APIs. For additional information, please refer to http://g.co/dev/maps-no-account", "results" : [], "status" : "REQUEST_DENIED" }


      This needs to be modified to a free API call.


      Example is detailed here:






      Workaround: Modify the method to be:

      function getCountryFromUserAddress()

      { return "United States"; }

      This would mean the address on the users account could be anything and just need users to pass in an IP from the United States to result in a successful call.


          Issue Links



              • Assignee:
                mark.nienaber@forgerock.com Mark Nienaber
              • Votes:
                0 Vote for this issue
                2 Start watching this issue


                • Created: