Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-9565

Improvement around API object availability

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 13.0.0
    • Fix Version/s: None
    • Component/s: scripting
    • Labels:
    • Support Ticket IDs:

      Description

      When using the policy evaluation endpoint, the subject can be specified as a sso token value, jwt, or a set of jwt claims.

      The scripted policy condition API has access to the identity object to retrieve attributes about the subject (from the subjects data store). When subject is provided by a sso token, identity object is available. When subject is provided by a claim set (universal id as "sub"), identity is NOT available, even though the attributes can be returned in the REST response as response attributes.

      This seems to be a known limitation and there is no suitable solution for this issue at this time.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              shariq.faruqi@forgerock.com shariq faruqi [X] (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: