NAM User Attribute Retrieval from REST Endpoint and Transformation into Virtual Attribute


Introduction



Access Manager can retrieve an attribute from an external resource and transform it before using the value in assertions and access policies. This feature supports user attribute modifications such as transforming a value to uppercase. In some cases, the user information needs to be retrieved from a REST endpoint on a third-party server, but NAM doesn’t support a REST endpoint as a data source. To overcome this, we have to call the REST endpoint from JavaScript. The following solution describes how to call a REST endpoint and shows how to do complex attribute modification using Java within JavaScript.

Solution:




Java 8 comes with the Nashorn JavaScript engine, which runs JavaScript code natively on the JVM. Create utility methods in Java and call those Java functions from JavaScript.

A Java class used with virtual attribute JavaScript should implement static methods, because static methods are easy to call from JavaScript. Example Java class:

package testwebproj;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;

import javax.net.ssl.HttpsURLConnection;

public class BeanCls {
    // Static method, so the virtual attribute script can call it without creating an instance.
    public static String fun1(String name) {
        // Commented-out sample: read the content of an HTTPS URL line by line.
        /*String https_url = "https://www.google.com/";
        URL url;
        try {

            url = new URL(https_url);
            HttpsURLConnection con = (HttpsURLConnection)url.openConnection();

            System.out.println("****** Content read from the URL ********");
            BufferedReader br =
                new BufferedReader(
                    new InputStreamReader(con.getInputStream()));

            String input;

            while ((input = br.readLine()) != null){
                System.out.println(input);
            }
            br.close();

        } catch (MalformedURLException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }*/
        System.out.format("Hi there from Java, %s ** ", name);
        // The returned string becomes the value seen by the calling JavaScript.
        return "greetings from java, " + name;
    }
}


The bean class above implements the static method “fun1”. Parameters can be passed from JavaScript, and an object can be returned to the JavaScript method that invoked the Java method. The example below shows how to invoke “BeanCls” from JavaScript.

var MyJavaClass = Java.type('testwebproj.BeanCls');
print(MyJavaClass);
var result = MyJavaClass.fun1('John Doe'); // java method return value
print(result);


You can write your own Java utility method to call the REST endpoint and return the value to be used as the virtual attribute value.
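One way to write such a utility method, as an added example that is not from the original article or from NAM itself: the class name RestAttributeLookup, the method fetch and the endpoint https://attrs.example.com/api/users/ are assumptions. It keeps the endpoint fixed in code, allowlists the user id, sets timeouts so a slow server cannot stall logins, and strips control characters because the value may later be injected into an HTTP header.

```java
package testwebproj;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.HttpsURLConnection;

// Added example, not from the original page: hypothetical REST lookup helper (Java 8).
public class RestAttributeLookup {
    // Assumption: placeholder endpoint; fixed here, never taken from script input.
    private static final String BASE = "https://attrs.example.com/api/users/";
    private static final int TIMEOUT_MS = 3000;  // keep IDP threads from hanging
    private static final int MAX_CHARS = 4096;   // cap what the remote server can return

    // Returns the response body, or "" on any failure so the policy sees no value.
    public static String fetch(String userId) {
        if (userId == null || !userId.matches("[A-Za-z0-9._@-]{1,128}")) {
            return "";  // reject ids that could alter the request path or query
        }
        HttpsURLConnection con = null;
        try {
            URL url = new URL(BASE + URLEncoder.encode(userId, "UTF-8"));
            con = (HttpsURLConnection) url.openConnection();
            con.setConnectTimeout(TIMEOUT_MS);
            con.setReadTimeout(TIMEOUT_MS);
            con.setInstanceFollowRedirects(false);  // stay on the configured host
            if (con.getResponseCode() != 200) {
                return "";
            }
            StringBuilder sb = new StringBuilder();
            try (BufferedReader br = new BufferedReader(
                    new InputStreamReader(con.getInputStream(), StandardCharsets.UTF_8))) {
                int c;
                while ((c = br.read()) != -1 && sb.length() < MAX_CHARS) {
                    sb.append((char) c);
                }
            }
            // Drop CR/LF and other control characters before the value reaches a header.
            return sb.toString().replaceAll("\\p{Cntrl}", "").trim();
        } catch (IOException e) {
            return "";  // fail closed: no attribute value on network or TLS errors
        } finally {
            if (con != null) con.disconnect();
        }
    }
}
```

From the virtual attribute script this would be called the same way as BeanCls, through Java.type('testwebproj.RestAttributeLookup').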

Configuration Steps:




  1. Create a Java utility class with a static method (the example Java class is above on this page).
  2. Make a jar of the utility class and copy the jar to the IDP at /opt/novell/nam/idp/webapps/nidp/WEB-INF/lib, or copy the classes with their package structure to the IDP’s NIDP webapp classes folder.
  3. Restart the IDP (/etc/init.d/novell-idp restart)
  4. Log in to the admin console
  5. Click on IDP clusters --> shared settings
  6. Select virtual attributes
  7. Click ‘+’ to add new virtual attribute



  8. Give a name and description to the virtual attribute
  9. Go to Step 2 and select “Advanced: Javascript”. Provide the script with ‘function main()’ as the default method and call your custom JavaScript method according to your requirements. Example below:
    function main() {
        return mapGroups();
    }

    function mapGroups() {
        var MyJavaClass = Java.type('testwebproj.BeanCls');
        var result = MyJavaClass.fun1('John Doe');
        return "**" + result;
    }



  10. Note: The test will fail because the class is not found. Ignore this error, or copy your utility class jar to the admin console under the nps project.
  11. Click OK and update the IDP
  12. The virtual attribute is now ready to use. The utility Java class can read the REST endpoint and return the required value.
  13. The virtual attribute can be configured as part of an access policy, or added to an attribute set and sent with the assertion.
    Access policy example: an II policy injects the virtual attribute into a custom header.




Version history: Revision 3 of 3. Last update: 2020-01-31 22:06. Updated by: Micro Focus Contributor