Data Store Decision node
The Data Store Decision node checks that the credentials provided during authentication match the ones stored in the configured data store for the realm.
ForgeRock Identity Cloud
ForgeRock Access Management (self-managed)
ForgeRock Identity Platform (self-managed)
The Data Store Decision node is a basic node used in many types of authentication applications, such as basic, push, OAuth 2.0, and social provider authentication applications.
Returns a boolean outcome:
True: The credentials match those found in the data store.
False: The credentials do not match those found in the data store.
The following Data Store Decision node warnings and errors can appear in the logs:
"invalid password error"
"invalid username error"
"Exception in data store decision node"
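One way to triage these three messages, as an added example that is not part of the ForgeRock documentation: it counts each message per minute and flags bursts, so repeated credential failures can be told apart from a data store fault. The line layout (ISO timestamp, level, message), the `threshold` value and the sample lines are assumptions constructed for illustration; only the message strings come from this page.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# The three messages listed above, mapped to a triage label.
MESSAGES = {
    "invalid password error": "bad_password",
    "invalid username error": "bad_username",
    "Exception in data store decision node": "store_exception",
}

# Assumed line layout (constructed for this example): "<ISO time> <LEVEL> <message>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z?\s+(\w+)\s+(.*)$")

def classify(line):
    """Return (minute, label) for a Data Store Decision node message, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    for text, label in MESSAGES.items():
        if text in m.group(3):
            return ts.replace(second=0), label
    return None

def summarize(lines, threshold=3):
    """Count messages per minute; flag counts >= threshold and every store_exception."""
    buckets = defaultdict(Counter)
    for line in lines:
        hit = classify(line)
        if hit:
            buckets[hit[0]][hit[1]] += 1
    alerts = []
    for minute in sorted(buckets):
        for label, n in sorted(buckets[minute].items()):
            # An exception means the check itself failed, so it is always reported.
            if label == "store_exception" or n >= threshold:
                alerts.append((minute.strftime("%H:%M"), label, n))
    return alerts

# Constructed sample lines, not real log output.
SAMPLE = [
    "2024-01-01T10:00:01Z WARNING invalid password error",
    "2024-01-01T10:00:05Z WARNING invalid username error",
    "2024-01-01T10:00:20Z WARNING invalid username error",
    "2024-01-01T10:00:41Z WARNING invalid username error",
    "2024-01-01T10:02:10Z WARNING Exception in data store decision node",
    "2024-01-01T10:02:11Z INFO unrelated line",
]
```

Calling `summarize(SAMPLE)` flags the 10:00 burst of username failures and the 10:02 exception; adapt `LINE_RE` to the actual log layout of your deployment before using it.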
This example illustrates a simple login process. The journey involves a Page node that contains two embedded nodes: Platform Username node and Platform Password node. To enhance user experience, the Page node lets users input their username and password on a single page, instead of splitting them across two different pages.
The Data Store Decision node has two outcomes:
When the outcome is True, it triggers a Login Count Decision node. The Increment Login Count node then moves to an Inner Tree Evaluator node, which performs additional login processes.
The False outcome connects directly to a failure node, indicating a failed state where the username and/or password provided by the user did not match the information stored in the data store.
In the following example, when an authentication attempt fails at the Data Store Decision node, you can direct it to a Retry Limit Decision node. The Retry Limit Decision node determines the number of retries allowed and either retries the login attempt or rejects it. If the journey rejects the login attempt after reaching the configured limit, for example three attempts, the operation results in an account lockout.
The following are alternate nodes that you can use in your journeys depending on your specific use cases:
The LDAP Decision node supports LDAP Behera Password Policies with separate outcomes for accounts that are locked and passwords that have expired.
In Identity Cloud applications, the Identity Store Decision node is an enhanced node with additional outcomes. Use this node if your authentication journey needs more functionality than a simple