AM 7.3.0

Step 3. Configure AM

Authentication trees provide fine-grained authentication by allowing multiple paths and decision points throughout the authentication flow.

Authentication trees are made up of authentication nodes, which define actions taken during authentication. Authentication nodes are granular, with each node performing a single task, such as collecting a username or making a simple decision. Authentication nodes can have multiple outcomes rather than just success or failure.

AM provides a number of sample authentication trees to demonstrate how nodes can be put together. For information on setting up authentication trees, see Configure authentication trees.

Configure an authentication tree

Follow these steps to create an authentication tree that you can use to log in to AM:

  1. On the Realms page of the AM admin UI, choose the realm in which to create the authentication tree.

  2. On the Realm Overview page, click Authentication in the menu on the left, and click Trees.

  3. On the Trees page, click Create Tree.

    Enter a tree name; for example, myAuthTree, and click Create.

    The authentication tree designer is displayed, with the Start entry point connected to the Failure exit point, and a Success node.

    The authentication tree designer provides the following features on the toolbar:

    Authentication tree designer toolbar
    Button Usage
    Trees auto layout

    Lay out and align nodes according to the order they are connected.

    Trees full screen

    Toggle the designer window between normal and full-screen layout.

    Trees delete node

    Remove the selected node. Note that the Start entry point cannot be deleted.

  4. Drag the following nodes from the Components panel on the left-hand side and drop them into the designer area:

    The Data Store Decision authentication node uses the credentials to authenticate the user against the identity stores configured for the realm. In this example, the username and password are obtained by a combination of the Username Collector and Password Collector nodes.

  5. Drag and drop the Username Collector and Password Collector onto the Page node, so that they will both appear on the same page when logging in.

  6. Connect the nodes as follows:

    A tree that can be used to authenticate a user.

    You can configure the node properties by using the panel on the right side of the page. For more information on the available properties for each node, see Authentication nodes configuration reference.

    For more information on setting up more complex authentication trees, see Configure authentication trees.

  7. You are now ready to authenticate your first user!

Copyright © 2010-2024 ForgeRock, all rights reserved.