Gluu Blog


Five Interceptions of the OX OP

Michael Schwartz August 20, 2013

Use Jython to Customize Authentication and Authorization policy

We’ve designed the Gluu Server to be very flexible. Using the web-based oxTrust application, admins can use Jython scripts to customize behavior.

Jython was chosen because an interpreted language facilitates dynamic creation of business logic, and makes it easier to distribute this logic to a cluster of Gluu Servers. Another advantage of Jython is that developers can use either Java or Python classes. Combined with the option of calling web services from Python or Java, this enables the Gluu Server to support any crazy requirement. Domains can use “interception” scripts to code their own business logic in five areas:

  1. Authentication: Implement adaptive authentication to identify people in one or more steps, and if needed, support SSO workflows other than SAML & OpenID Connect such as CAS or Social Login.
  2. Authorization: Express your policies in Python or Java, or call an external entitlements management system, like XACML or SiteMinder.
  3. Attribute Transformation: Create new attributes, change attribute names, or change the value of existing attributes.
  4. Logout: Make sure you log out of any backend services, such as an external IDP or portal, or SSO environment.
  5. ID Generation: People don’t see their internal id, but domains may want to use one convention or another to provide a “primary key” value to identify an entity (person, client, etc.). UUIDs are the most common, but IPv6 addresses, DNS-style names, and custom schemes are also used.

Below is an example of each.

If you have questions or would like to see a demo, feel free to schedule a call or contact us.

Authentication Script

Interface:

Sample Script

Attribute Transformation Script

Interfaces:

Sample Attribute Transformation Script

Authorization Script

Interfaces:

Python sample authorization script (authorize only if the user's location claim equals Austin)
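The policy described above, written as a fail-closed check. This is an added example in plain Python, not Gluu's sample script and not the oxAuth script interface. The `authorize` function, the `location` claim key and the dict of claims are hypothetical stand-ins, and the case-insensitive comparison is an assumption.

```python
import unicodedata

REQUIRED_LOCATION = "Austin"  # value taken from the policy described above


def _normalize(value):
    """Fold Unicode form, case and surrounding whitespace before comparing.

    Assumption: the policy ignores case and padding; remove this step if the
    claim must match byte for byte.
    """
    return unicodedata.normalize("NFKC", value).strip().casefold()


def authorize(claims, claim_name="location", required=REQUIRED_LOCATION):
    """Return (allowed, reason). Any missing or malformed claim denies access.

    `claims` is a plain dict standing in for whatever user-claims object the
    server hands to the script (hypothetical; the real interface differs).
    """
    if not isinstance(claims, dict):
        return False, "no claims available"
    raw = claims.get(claim_name)
    if raw is None:
        return False, "claim missing"
    # Directory attributes are often multi-valued: accept a string or a list,
    # but require exactly one value so the decision is never ambiguous.
    values = [raw] if isinstance(raw, str) else raw
    if not isinstance(values, (list, tuple)) or len(values) != 1:
        return False, "claim must have exactly one value"
    if not isinstance(values[0], str):
        return False, "claim value is not a string"
    if _normalize(values[0]) != _normalize(required):
        return False, "location does not match policy"
    return True, "location matches policy"


if __name__ == "__main__":
    # Constructed sample claim sets, not taken from a real deployment.
    for sample in ({"location": "Austin"}, {"location": ["Austin", "Dallas"]},
                   {"location": "Austin, TX"}, {}):
        print(sample, authorize(sample))
```

Returning a reason alongside the decision gives the audit log something to record when a request is denied.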

Logout

Interface:

Sample Script:

GenerateID

Interface:

Sample Script:


Mike Schwartz

Mike has been an entrepreneur and identity specialist for more than two decades. He is the technical and business visionary behind Gluu. Mike is an application security expert and has been a featured speaker at RSA Conference, Gartner Catalyst, Cloud Identity Summit (now "Identiverse") and many other security conferences around the world.