trivir · skootrivir · May 5, 2025 · May 7, 2025 · May 12, 2025 · May 14, 2025
diff --git a/src/api/AuthenticateApi.ts b/src/api/AuthenticateApi.ts
@@ -1,8 +1,9 @@
 import util from 'util';
 
 import { State } from '../shared/State';
+import { debugMessage } from '../utils/Console';
 import { getRealmPath } from '../utils/ForgeRockUtils';
-import { generateAmApi } from './BaseApi';
+import { generateAmApi, generateIdmApi } from './BaseApi';
 
 const authenticateUrlTemplate = '%s/json%s/authenticate';
 const authenticateWithServiceUrlTemplate = `${authenticateUrlTemplate}?authIndexType=service&authIndexValue=%s`;
@@ -73,3 +74,31 @@ export async function step({
   }).post(urlString, body, config);
   return data;
 }
+
+/**
+ *
+ * @param {any} body POST request body
+ * @param {any} config request config
+ * @returns Promise resolving to the authentication service response
+ */
+export async function stepIdm({
+  body = {},
+  config = {},
+  state,
+}: {
+  body?: object;
+  config?: object;
+  realm?: string;
+  service?: string;
+  state: State;
+}): Promise<any> {
+  debugMessage({
+    message: `AuthenticateApi.stepIdm: function start `,
+    state,
+  });
+  const urlString = `${state.getHost()}/authentication?_action=login`;
+  const response = await generateIdmApi({
+    state,
+  }).post(urlString, body, config);
+  return response;
+}
diff --git a/src/api/BaseApi.ts b/src/api/BaseApi.ts
@@ -312,6 +312,10 @@ export function generateIdmApi({
         ...(state.getBearerToken() && {
           Authorization: `Bearer ${state.getBearerToken()}`,
         }),
+        ...(!state.getBearerToken() && {
+          'X-OpenIDM-Username': state.getUsername(),
+          'X-OpenIDM-Password': state.getPassword(),
+        }),
       },
       httpAgent: getHttpAgent(),
       httpsAgent: getHttpsAgent(state.getAllowInsecureConnection()),

diff --git a/src/ops/AuthenticateOps.ts b/src/ops/AuthenticateOps.ts
@@ -2,7 +2,7 @@ import { createHash, randomBytes } from 'crypto';
 import url from 'url';
 import { v4 } from 'uuid';
 
-import { step } from '../api/AuthenticateApi';
+import { step, stepIdm } from '../api/AuthenticateApi';
 import { getServerInfo, getServerVersionInfo } from '../api/ServerInfoApi';
 import Constants from '../shared/Constants';
 import { State } from '../shared/State';
@@ -155,12 +155,23 @@ let adminClientId = fidcClientId;
  * @returns {string} cookie name
  */
 async function determineCookieName(state: State): Promise<string> {
-  const data = await getServerInfo({ state });
+  let cookieName = null;
+  try {
+    const data = await getServerInfo({ state });
+    cookieName = data.cookieName;
+  } catch (e) {
+    if (
+      e.response?.status !== 401 ||
+      e.response?.data.message !== 'Access Denied'
+    ) {
+      throw e;
+    }
+  }
   debugMessage({
-    message: `AuthenticateOps.determineCookieName: cookieName=${data.cookieName}`,
+    message: `AuthenticateOps.determineCookieName: cookieName=${cookieName}`,
     state,
   });
-  return data.cookieName;
+  return cookieName;
 }
 
 /**
@@ -335,6 +346,7 @@ async function determineDeploymentType(state: State): Promise<string> {
       return deploymentType;
 
     case Constants.CLASSIC_DEPLOYMENT_TYPE_KEY:
+    case Constants.IDM_DEPLOYMENT_TYPE_KEY:
       debugMessage({
         message: `AuthenticateOps.determineDeploymentType: end [type=${deploymentType}]`,
         state,
@@ -409,10 +421,35 @@ async function determineDeploymentType(state: State): Promise<string> {
               });
               deploymentType = Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY;
             } else {
-              verboseMessage({
-                message: `Classic deployment`['brightCyan'] + ` detected.`,
-                state,
-              });
+              try {
+                const idmresponse = await stepIdm({
+                  body: {},
+                  config: {},
+                  state,
+                });
+                if (
+                  idmresponse.status === 200 &&
+                  idmresponse.data?.authorization.authLogin
+                ) {
+                  verboseMessage({
+                    message:
+                      `Ping Identity IDM deployment`['brightCyan'] +
+                      ` detected.`,
+                    state,
+                  });
+                  deploymentType = Constants.IDM_DEPLOYMENT_TYPE_KEY;
+                } else {
+                  verboseMessage({
+                    message: `Classic deployment`['brightCyan'] + ` detected.`,
+                    state,
+                  });
+                }
+              } catch {
+                verboseMessage({
+                  message: `Classic deployment`['brightCyan'] + ` detected.`,
+                  state,
+                });
+              }
             }
           }
         }
@@ -471,7 +508,18 @@ async function getFreshUserSessionToken({
       'X-OpenAM-Password': state.getPassword(),
     },
   };
-  let response = await step({ body: {}, config, state });
+  let response;
+  try {
+    response = await step({ body: {}, config, state });
+  } catch (e) {
+    if (
+      e.response?.status !== 401 ||
+      e.response?.data.message !== 'Access Denied'
+    ) {
+      throw e;
+    }
+    return null;
+  }
 
   let skip2FA = null;
   let steps = 0;
@@ -553,6 +601,7 @@ async function getUserSessionToken(
       otpCallbackHandler: otpCallback,
       state,
     });
+    if (!token) return token;
     token.from_cache = false;
     debugMessage({
       message: `AuthenticateOps.getUserSessionToken: fresh`,
@@ -940,6 +989,7 @@ async function determineDeploymentTypeAndDefaultRealmAndVersion(
     state,
   });
   state.setDeploymentType(await determineDeploymentType(state));
+  if (state.getDeploymentType() === Constants.IDM_DEPLOYMENT_TYPE_KEY) return;
   determineDefaultRealm(state);
   debugMessage({
     message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=${state.getRealm()}, type=${state.getDeploymentType()}`,
@@ -1162,7 +1212,7 @@ export async function getTokens({
       });
       const token = await getUserSessionToken(callbackHandler, state);
       if (token) state.setUserSessionTokenMeta(token);
-      if (usingConnectionProfile && !token.from_cache) {
+      if (usingConnectionProfile && (!token || !token.from_cache)) {
         saveConnectionProfile({ host: state.getHost(), state });
       }
       await determineDeploymentTypeAndDefaultRealmAndVersion(state);
@@ -1191,6 +1241,14 @@ export async function getTokens({
     else {
       throw new FrodoError(`Incomplete or no credentials`);
     }
+    // Return IDM tokens for IDM deployment type
+    if (state.getDeploymentType() === Constants.IDM_DEPLOYMENT_TYPE_KEY) {
+      return {
+        subject: state.getUsername(),
+        host: state.getHost(),
+        realm: state.getRealm() ? state.getRealm() : 'root',
+      };
+    }
     if (
       state.getCookieValue() ||
       (state.getUseBearerTokenForAmApis() && state.getBearerToken())