[keycloak-user] Authorization: Javascript policy
Pedro Igor Silva
psilva at redhat.com
Mon Mar 6 10:04:35 EST 2017
Hi Ori,
We are using Nashorn as script engine. So you should be able to
java.net.URL to query remote endpoints.
However, the types available from a JS policy are only those defined by the
dependencies here
${KEYCLOAK_SERVER_DIR}/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/main/server-war/WEB-INF/jboss-deployment-structure.xml.
Probably something we can improve in order to provide a better way to
define custom dependencies for JS policies.
On Mon, Feb 27, 2017 at 1:00 PM, Ori Doolman <Ori.Doolman at amdocs.com> wrote:
> Hi,
> How rich can the Javascript policy be?
> Is it limited to only specific interface ($evaluation), or can I use any
> Javascript package/code I want ?
> Specifically, I need to have a mapping table between a token claim (user
> attribute) to a list-of-IDs.
> Can I query another server using HTTP request within a policy code?
> Or can I query the user database from the policy code?
> Or can I pre-load the mapping table into PDP memory and query it from
> policy code?
>
> Thanks,
> Ori.
>
> This message and the information contained herein is proprietary and
> confidential and subject to the Amdocs policy statement,
>
> you may review at http://www.amdocs.com/email_disclaimer.asp
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list