AM 7.3.1

Zero Page Login Collector node

Checks whether selected headers are provided in the incoming authentication request, and if so, uses their values as the provided username and password.

A common use for the Zero Page Login Collector authentication node is to connect the Has Credentials outcome connector to the input of a Data Store Decision node, and the No Credentials outcome connector to the input of a Username Collector node followed by a Password Collector node, and then into the same Data Store Decision node. For an example of this layout, refer to the default Example authentication tree provided in AM.

The password collected by this node is transient, persisting only until the next node requiring user interaction.


  • Has Credentials

  • No Credentials

Evaluation continues along the Has Credentials outcome path if the specified headers are available in the request, or the No Credentials path if the specified headers are not present.


Property Usage

Username Header name

Enter the name of the header that contains the username value.

Default: X-OpenAM-Username

Password Header name

Enter the name of the header that contains the password value.

Default: X-OpenAM-Password

Allow without referer

If enabled, the node accepts incoming requests that do not contain a Referer HTTP header. If a Referer HTTP header is present, the value is not checked.

If disabled, a Referer HTTP header must be present in the incoming request, and the value must appear in the Referer allowlist property.

Default: Enabled

Referer Whitelist

Specify a list of URLs allowed in the Referer HTTP header of incoming requests. Incoming requests containing a Referer HTTP header value not specified in the allowlist causes evaluation to continue along the No Credentials outcome path.

You must disable the Allow Without Referer property for the referer allowlist property to take effect.


The Example authentication tree, showing Zero Page Login node use.
Copyright © 2010-2024 ForgeRock, all rights reserved.