JavaScript whitelist
Advanced Access Control JavaScript mapping rules and Federation mapping rules call Java™ code from JavaScript. The set of classes that can be called is restricted.
Exercise reasonable caution when you call Java code from JavaScript rules to ensure that accidental damage to appliance resources is avoided.
Common classes allowed in one-time password, OAuth or API protection, dynamic attributes, and JavaScript PIP, federation mapping rules, and access policies. |
---|
** Inner classes for these classes are not supported. Methods that involve an inner class implementation of an interface are not available. For example, do not use the following methods in java.util.HashMap:
For information about federation mapping rules, see Mapping rules. |
Additional classes allowed in one-time password, OAuth or API protection mapping rules, federation mapping rules, and access policies |
---|
* The white list does not contain any implementation of the interfaces that are defined in the org.w3c.dom package. For example, you cannot use the method org.w3c.dom.Document toXML() in com.tivoli.am.fim.trustserver.sts.STSUniversalUser. |
Additional classes allowed in JavaScript PIP |
---|
For more information about policy information points, see Managing policy information points. |
Additional classes allowed in mapping rules |
---|
For information on mapping rules, see: |
Additional classes to manage server connections |
---|
For more information, see Managing server connections. |
Classes to use with InfoMap |
---|
For more information, see Configuring an Info Map authentication mechanism. |
Classes to use in Access Policies |
---|
For more information, see Access policies. |