Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16789

Provided AM "Scripted Policy Condition" script doesn't work with google API anymore

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.5.2.3, 7.0.0
    • Fix Version/s: None
    • Component/s: scripting
    • Labels:
      None

      Description

      The provided example of a "Scripted Policy Decision" in AM details a step to check whether a user's country from a requested IP address matches the country from the users address. In order to do this the Script in AM - "Scripted Policy Condition" does two things:

      1. Get's Country from IP Address - this works fine
      2. Get's Country from Address using Google API - This does not work

      It looks like Google requires an API Key to make this call i.e.

      function getCountryFromUserAddress() {function getCountryFromUserAddress() {
      var request = new org.forgerock.http.protocol.Request();    request.setUri("http://maps.googleapis.com/maps/api/geocode/json?address=" + encodeURIComponent(userAddress));  request.setMethod("GET");
          var response = httpClient.send(request).get();    logResponse(response);
          var geocode = JSON.parse(response.getEntity());    var i;    for (i = 0; i < geocode.results.length; i+) {        var result = geocode.results[i];        var j;        for (j = 0; j < result.address_components.length; i+) {            if (result.address_components[i].types[0] == "country")

      {                return result.address_components[i].long_name;            }

              }    }}

       

      The response from this API call is:

       

      User REST Call. Status: [Status: 200 OK], Body:

      { "error_message" : "You must use an API key to authenticate each request to Google Maps Platform APIs. For additional information, please refer to http://g.co/dev/maps-no-account", "results" : [], "status" : "REQUEST_DENIED" }

       

      This needs to be modified to a free API call.

       

      Example is detailed here:

      https://backstage.forgerock.com/docs/am/7/authorization-guide/scripted-policy-condition.html#sec-scripted-policy-condition-prepare

      https://backstage.forgerock.com/docs/am/5.5/authorization-guide/#sec-scripted-policy-condition-prepare

       

       

       

      Workaround: Modify the method to be:

      function getCountryFromUserAddress()

      { return "United States"; }

      This would mean the address on the users account could be anything and just need users to pass in an IP from the United States to result in a successful call.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                mark.nienaber@forgerock.com Mark Nienaber
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: