Registering JavaScript extensions

JavaScript extensions might not be useful or applicable to every scriptable function that IBM Verify Identity Governance provides. For example, an extension used by Post Office templates might not be applicable to provisioning policy parameters. An extension designed for one class of script might not load or behave appropriately when loaded into another class of script.

IVIG has the classes of script that are listed in Table 1. JavaScript extensions might be registered to load and run with any combination of these script classes.

JavaScript extensions are configured in these files:

scriptframework.properties (suggested)

For all new extensions. Use this file to configure script extensions and other scripting functions.

JavaScript extensions are registered in the

IM_HOME/data/scriptframework.properties file. This file is formatted with the standard Java™ Properties key[.subkey]=value format.

The key is the name assigned to the target script class, described in Table 1.
The value is the full class name of the ScriptExtension interface.
(Optional) The subkey is used when more than one extension is registered for a script class.

Note:

IVIG is installed with a set of extensions for each script class already registered in the scriptframework.properties file. Do not remove these extensions from the file as they are necessary for the product to function correctly.
To prevent the possibility of a code injection attack, do not use the JavaScript function eval().
By default, only the set of extensions registered in the scriptframework.properties file is available for the particular script. You can configure any supported extension for the script by registering JavaScript extensions in the scriptframework.properties file. For information about supported script extensions, see Table 1. For information about the properties and methods available for each JavaScript extension object, see JavaScript extension reference.

fesiextensions.properties (deprecated)

Provides support for Free ECMAScript Interpreter (FESI) JavaScript extensions before Version 5.0 of IBM® Tivoli® Identity Manager. Do not author new extensions with this deprecated architecture.

If you continue to use the deprecated fesiextensions.properties file, save the fesi.jar library in the IM_HOME/lib directory before you upgrade Tivoli Identity Manager to Version 5.0 or later versions. Replace the newly installed file with the custom fesi.jar file after the upgrade completes.

The following line registers a single extension for use in IVIG scripts:

ITIM.extension.IdentityPolicy=com.ibm.itim.policy.script.IdentityPolicyExtension

These example lines register multiple extensions for use in IVIG scripts:

ITIM.extension.IdentityPolicy.1=com.ibm.itim.policy.script.IdentityPolicyExtension 
ITIM.extension.IdentityPolicy.2=com.yourcompany.script.YourCustomExtension

Table 1. Script class keys
Host Component	Script Class Key
`AccountTemplate`	`ITIM.extension.AccountTemplate`
`Delegate`	`ITIM.extension.Delegate`
`HostSelection`	`ITIM.extension.HostSelection`
`IdentityPolicy`	`ITIM.extension.IdentityPolicy`
`OrphanAdoption`	`ITIM.extension.OrphanAdoption`
`PersonPlacementRules`	`ITIM.extension.PersonPlacementRules`
`PostOffice`	`ITIM.extension.PostOffice`
`ProvisioningPolicy`	`ITIM.extension.ProvisioningPolicy`
`Reminder`	`ITIM.extension.Reminder`
`Workflow`	`ITIM.extension.Workflow`
`Workflow Notification`	`ITIM.extension.Notification`
`TODO Notification (Approval/RFI/ComplianceAlert/WorkOrder)`	`ITIM.extension.Notification`