IBM Security Verify

 View Only

Attempting to use executeInAccessPolicy from an Access Policy

  • 1.  Attempting to use executeInAccessPolicy from an Access Policy

    InnerCircle
    Posted Wed August 24, 2022 08:35 AM
    Edited by Wendy Batten Thu August 25, 2022 08:43 AM
    Hi Team,

    I'm looking to access an authentication service policy from an Access Policy using the AuthSvcClient "executeInAccessPolicy" method as described here: https://www.ibm.com/docs/en/sva/10.0.4?topic=authentication-execute-service-policies-in-info-map

    However, I'm receiving the errors:
    • If I attempt to import the Class: Caused by: org.mozilla.javascript.EvaluatorException: Function importClass must be called with a class; had "[JavaPackage com.tivoli.am.fim.authsvc.local.client.AuthSvcClient] instead."
    • If I attempt to call the Class directly: Caused by: org.mozilla.javascript.EcmaError: TypeError: Cannot call property executeInAccessPolicy in object [JavaPackage com.tivoli.am.fim.authsvc.local.client.AuthSvcClient]. It is not a function, it is "object".
    It appears that the AuthSvcClient Class has not been whitelisted for Access Policies as per here: https://www.ibm.com/docs/en/sva/10.0.4?topic=rules-javascript-whitelist

    The sample snippet I'm using within an Access Policy script is (noting that the sample includes both import of Class and calling the Class directly):
    importClass(Packages.com.tivoli.am.fim.authsvc.local.client.AuthSvcClient);
    //...
    var jsonRequest = {
    	"PolicyId": "urn:ibm:security:authentication:asf:testing",
    	"operation":"verify"
    };
    var response = com.tivoli.am.fim.authsvc.local.client.AuthSvcClient.executeInAccessPolicy(context, JSON.stringify(jsonRequest), com.tivoli.am.fim.authsvc.local.client.AuthSvcClient.getSimpleSTSUU("testuser"));
    
    IDMappingExtUtils.traceString("AuthSvcClient JSON response: " + response);
    //...​


    So, my questions are:
    1) have I misunderstood the intent of this feature?
    2) if not, is my snippet incorrect?


    Thanks!



    ------------------------------
    Andrew
    ------------------------------