The UmaClaimsGathering script implements the UmaClaimsGatheringType interface. This extends methods from the base script type in addition to adding new methods:
The getApiVersion method allows API changes in order to do transparent migration from an old script to a new API. Only include the customScript variable if the value for getApiVersion is greater than 10
Main gather method. Must return True (if gathering performed successfully) or False (if fail). Method must set claim into context (via context.putClaim('name', value)) in order to persist it (otherwise it will be lost). All user entered values can be access via Map context.getPageClaims()
fromio.jans.model.custom.script.type.umaimportUmaClaimsGatheringTypeclassUmaClaimsGathering(UmaClaimsGatheringType):def__init__(self,currentTimeMillis):self.currentTimeMillis=currentTimeMillisdefinit(self,customScript,configurationAttributes):print"Claims-Gathering. Initializing ..."print"Claims-Gathering. Initialized successfully"returnTruedefdestroy(self,configurationAttributes):print"Claims-Gathering. Destroying ..."print"Claims-Gathering. Destroyed successfully"returnTruedefgetApiVersion(self):return11# Main gather method. Must return True (if gathering performed successfully) or False (if fail).# Method must set claim into context (via context.putClaim('name', value)) in order to persist it (otherwise it will be lost).# All user entered values can be access via Map<String, String> context.getPageClaims()defgather(self,step,context):# context is reference of io.jans.as.uma.authorization.UmaGatherContextprint"Claims-Gathering. Gathering ..."ifstep==1:if(context.getPageClaims().containsKey("country")):country=context.getPageClaims().get("country")print"Country: "+countrycontext.putClaim("country",country)returnTrueprint"Claims-Gathering. 'country' is not provided on step 1."returnFalseelifstep==2:if(context.getPageClaims().containsKey("city")):city=context.getPageClaims().get("city")print"City: "+citycontext.putClaim("city",city)print"Claims-Gathering. 'city' is not provided on step 2."returnTruereturnFalsedefgetNextStep(self,step,context):return-1defprepareForStep(self,step,context):ifstep==10andnotcontext.isAuthenticated():# user is not authenticated, so we are redirecting user to authorization endpoint# client_id is specified via configuration attribute.# Make sure that given client has redirect_uri to Claims-Gathering Endpoint with parameter authentication=true# Sample https://sample.com/restv1/uma/gather_claims?authentication=true# If redirect to external url is performated, make sure that viewAction has onPostback="true" (otherwise redirect will not work)# After user is authenticated then within the script it's possible to get user attributes as# context.getUser("uid", "sn")# If user is authenticated to current AS (to the same server, not external one) then it's possible to# access Connect session attributes directly (no need to obtain id_token after redirect with 'code').# To fetch attributes please use getConnectSessionAttributes() method.print"User is not authenticated. Redirect for authentication ..."clientId=context.getConfigurationAttributes().get("client_id").getValue2()redirectUri=context.getClaimsGatheringEndpoint()+"?authentication=true"# without authentication=true parameter it will not workauthorizationUrl=context.getAuthorizationEndpoint()+"?client_id="+clientId+"&redirect_uri="+redirectUri+"&scope=openid&response_type=code"context.redirectToExternalUrl(authorizationUrl)# redirect to external urlreturnFalseifstep==10andcontext.isAuthenticated():# example how to get session attribute if user is authenticated to same ASarc=context.getConnectSessionAttributes().get("acr")returnTruedefgetStepsCount(self,context):return2defgetPageForStep(self,step,context):ifstep==1:return"/uma2/sample/country.xhtml"elifstep==2:return"/uma2/sample/city.xhtml"return""
