Hi, Ben. Please be warned that custom scripts are not covered by free Community support. Yet, as Gluu is open source project, all source codes are available for you to study. [Here](https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations) we have a great selection of ready authentication scripts you can read and configure in your instance to experiment with, what should be enough to get a basic understanding and find some code to reuse in your own script. You can check what classes they import and study their composition to learn what other interfaces they offer. We can provide you some hints even in this case, but please be as specific as possible when asking. I can't say yet I'm completely understand your use case, could you give some example, perhaps? Couldn't get what "claims not set against a user" mean, for example. I'll try to answer next part: >I think If I can get hold of the sessionclient I can then get to the client and scopes requested which is a start. Here is code example that should deliver you current user's session state: ``` context = Contexts.getEventContext() session_attributes = context.get("sessionAttributes") if session_attributes.containsKey("origin_headers): origin_headers = session_attributes.get("origin_headers") ``` `session_atrributes` should look like this: ``` {"scope":"openid profile email user_name","response_type":"code id_token","origin_headers":"https://sp.gluu.org/shibboleth","nonce":"nonce","redirect_uri":"https://nest.gluu.org/idp/auth-code.jsp","remote_ip":"192.168.15.1","auth_step":"1","client_id":"@!6BED.0CBA.D569.AA67!0001!6E3D.B9BF!0008!082F.319E","acr":"internal"} ``` I guess that contains what your need: "requested scopes for the user"

Thank you for your response it is much appreciated. The oxd clients A and B would require the unique reference for a person to be identified for the respective client. This may be claims a,b,c required to identify a person in client A and claims d, e, f to identify a person in client B. Once a person has been matched in the client the unique Id can be stored in gluu for future interaction so this is on first attempt to authenticate against each client a matching process is done. The plan is to define a scope for each client containing the required claims and a claim for the unique id. This means on authentication we can check for clientAscopeid(unique person Id) if not set pop a form to collect claims a, b, and c. With the claims a matching web service could then be called in client A to get a unique person Id to store in the claim clientAscopeid. On second authentication clientAscopeid would be set so the matching process would not be repeated. At a later date if access to client B is attempted then a similar matching process would be done to get clientBscopeid claim set to the unique person reference for client B. From the above the poc aims to show case: 1. Read the requested scopes 2. Read the claims belonging to each scope 3. Determine if the person has been matched If not pass meta data to describe the claims required for matching to a form 4.Form to render from meta data and collect required claims 5.On return from the form call a web service using the claims collected to match on a person. 6.Store the unique person identifier returned from the matching web service. Please let me know if you need any further clarification on the scenario.

I have written the script to read claims metadata ( information held in ldap) that belong to a scope. I have looked at passing values between steps. I want to share the claim metadata with a custom form. I have looked at the integration examples on git hub. Is there a way to pass values from the script to a form which is configured in getPageForStep ? Any suggestions would be greatly appreciated.

Hi, Ben. Sorry for the pause. Have you managed to achieve what you wanted back then? Could you update me on your current status and pending questions?

Hi Aliaksandr, Thanks for coming back to me. I have achieved this is in a slightly different way. Michael shared the following link which demonstrated accessing the Gluu object model from the JSF page: [Example of accessing Gluu object model from JSF page](https://github.com/GluuFederation/oxAuth/blob/be8374d60abb715e70035bf601753a11c558144f/Server/src/main/webapp/auth/super-gluu/login.xhtml#L116) I could get the claims in the script for a specific scope. The issue was then the object model was not JSON serialisable to pass as a parameter to the page or next step in the script. I started thinking about creating python objects which were serialisable but then based on the link above I changed to a simpler solution accessing the claims in the scope in the JSF page. This simplified the approach. I had to use JSLT to process the claims and dynamically render HTML controls correctly. Also changed the page to output HTML 5 and therefore not using many of the JSF UI components as they are not HTML 5 aware. I did raise a separate ticket yesterday about breaking down the python script into reusable modules so I could share the code between scripts but hit issues. The ticket got closed very quickly without resolution because it was a customisation question on the community support channel: [Unable to use python module from custom script](https://support.gluu.org/customization/4346/unable-to-use-python-module-from-custom-script/#at24138)

Gentlemen, Do you think we can close this ticket?

Yes, can't add much here. I can understand your disappointment regarding closure of the other ticket, Ben. Though we sometimes assist our Community users with script development, your questions started to touch complex topics we usually need consultation from our dev team on. And that's not something we can afford in Community support.. Unless there is a possibility of bug, of course. Seems like you are doing some deep customizations and intend to use Gluu in production after that. Do you think your organisation could afford paid support plan, then?

Hi Aliaksandr, This is something we are looking into.