Identity Cloud

Failure node

The Failure node is a required element indicating the journey ended in failure.

Compatibility

Product                                        Compatible?
ForgeRock Identity Cloud                       Yes
ForgeRock Access Management (self-managed)     Yes
ForgeRock Identity Platform (self-managed)     Yes

Inputs

The failure outcomes of any preceding nodes.

Dependencies

None.

Configuration

This node has no configurable properties.

Outputs

None. The authentication journey ends in failure.

Outcomes

The authentication journey completes, ending in failure.

Identity Cloud redirects the user to a failure URL.

Errors

The error depends on the Authentication > Settings > Account Lockout > Login Failure Lockout Mode setting for the realm (under Native Consoles > Access Management).

Without the setting enabled, by default, the node returns an error with a message such as the following:

{"code":401,"reason":"Unauthorized","message":"Login failure"}

With the setting enabled, the node checks the invalid attempts property of the user profile and does the following:

  • Returns a warning message if the number of failed attempts is equal to or greater than the Authentication > Settings > Account Lockout > Warn User After N Failures setting:

    {
      "code": 401,
      "reason": "Unauthorized",
      "message": "Warning: You will be locked out after 1 more failure(s).",
      "detail": {
        "failureUrl": ""
      }
    }

  • Increments the failure count in the user profile.

  • Returns an error message if the account is Inactive:

    {
      "code": 401,
      "reason": "Unauthorized",
      "message": "User Locked Out.",
      "detail": {
        "failureUrl": ""
      }
    }

To troubleshoot an authentication failure, review the steps in the journey to find what caused the failure.
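
A client or log pipeline can tell the three failure responses above apart by their message text. The following is an added example, not ForgeRock code: the function names and state labels are hypothetical, and it assumes the messages match the samples on this page exactly.

```python
import json
import re
from collections import Counter

# Message texts are copied from the responses shown above; the state labels are this example's own.
WARNING_RE = re.compile(r"^Warning: You will be locked out after (\d+) more failure\(s\)\.$")


def classify_failure(body):
    """Map a Failure node response body to a state, remaining attempts and failure URL."""
    result = {"state": "unknown", "remaining": None, "failure_url": None}
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        result["state"] = "unparseable"
        return result
    if not isinstance(doc, dict) or doc.get("code") != 401:
        return result
    detail = doc.get("detail")
    if isinstance(detail, dict):
        result["failure_url"] = detail.get("failureUrl") or None
    message = doc.get("message")
    if not isinstance(message, str):
        return result
    warning = WARNING_RE.match(message)
    if warning:
        result["state"] = "lockout_warning"
        result["remaining"] = int(warning.group(1))
    elif message == "User Locked Out.":
        result["state"] = "locked_out"
    elif message == "Login failure":
        result["state"] = "login_failure"
    return result


def tally(bodies):
    """Count states across many responses, e.g. to alert on a rise in lockouts."""
    return Counter(classify_failure(b)["state"] for b in bodies)


# Constructed sample input: the three bodies shown above plus one malformed body.
SAMPLES = [
    '{"code":401,"reason":"Unauthorized","message":"Login failure"}',
    '{"code":401,"reason":"Unauthorized","message":"Warning: You will be locked out after 1 more failure(s).","detail":{"failureUrl":""}}',
    '{"code":401,"reason":"Unauthorized","message":"User Locked Out.","detail":{"failureUrl":""}}',
    "<html>gateway error</html>",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(classify_failure(body))
    print(dict(tally(SAMPLES)))
```

A rising count of lockout_warning or locked_out states across many accounts is worth alerting on, since it can indicate password guessing against the realm.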

Examples

All authentication journeys have a Failure node as one of their terminals.

Copyright © 2010-2024 ForgeRock, all rights reserved.