Scripting API
AM provides the following functionality and artifacts for scripting:
- Configuration Provider node scripts
  Build a configuration map with custom values and add it to the authentication flow using a Configuration Provider node.
- Scripted Decision node API
  Access data in request headers, shared state, and authenticated session data.
- Policy condition scripting API
  Access the authorization state data, session information, and the user's profile data in authorization policies.
- Customize OAuth 2.0
  Extend OAuth 2.0 authorization server behavior:
  - Access token modification
    Modify the key-value pairs contained within an OAuth 2.0 access token.
  - Authorize endpoint data provider
    Return additional data from an authorization request.
  - Scope evaluation
    Evaluate and return an OAuth2 access token's scope information.
  - Scope validation
    Customize the set of requested scopes for authorize, access token, refresh token and back channel authorize requests.
  - OIDC user info claims
    Map scopes to claims and data for OIDC tokens.
- Customize dynamic client registration
  Customize an OAuth 2.0 / OIDC dynamic client after a registration request.
- Token exchange
  Add may_act claims to OAuth 2.0 / OIDC exchanged tokens.
- Customize SAML v2.0
  Extend SAML v2.0 functionality:
  - IdP attribute mapper
    Map user-configured attributes to SAML attribute objects.
  - IdP adapter
    Customize the processing of the authentication request on the IdP.
  - NameID mapper
    Customize the value of the NameID attribute returned in the SAML assertion.
  - SP adapter
    Customize the processing of the authentication request on the SP.