[OPENAM-16563] Script evaluation logs invalid warning Created: 28/Jul/20  Updated: 29/Jul/20

Status: Open
Project: OpenAM
Component/s: debug logging, scripting
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Craig McDonnell Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: FRAAS
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Rank: 1|i01nwv:


We're seeing some false-positive script evaluator warnings logged by AM in PaaS environments:

"Classname failed to match whitelist: 'org.forgerock.openam.auth.nodes.objAttrs'" 
"Classname failed to match whitelist: 'org.forgerock.guice.core.objAttrs'"

This occurs when evaluating the adminonboardingvalidate.javascript script:

var fr = new JavaImporter(

with (fr) {
  try {

    var realm = sharedState.get('realm');
    var username = sharedState.get('username');
    var identityProvider = InjectorHolder.getInstance(IdentityProvider);
    var identity = identityProvider.getIdentity(username, realm);
    var attrs = identity.getAttributes();
    if (!attrs.containsKey('fr-idm-inviteDate')) {
      throw new Error('Admin has no invite date');

    if (attrs.containsKey('fr-idm-onboardDate')) {
      throw new Error('Admin has already been onboarded');
    var objAttrs = { userName: username, mail: username };
    sharedState.put('objectAttributes', objAttrs);

    logger.message('AdminOnboarding: Validated admin during onboarding');
    outcome = 'true';

  } catch (e) {

    logger.error('AdminOnboarding: Failed to validate admin during onboarding');
    outcome = 'false';


Generated at Sat Feb 27 21:29:43 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.