Identity Cloud

Passthrough Authentication node

Authenticates an identity through a connector to a third-party service.

This lets you migrate user profiles without forcing users to reset their passwords, or retain a third-party service indefinitely as the canonical store for authentication credentials.

Before you use the node:

  • Configure the connector to the third-party service.

    For details, refer to Sync identities.

  • If you plan to collect credentials in the identity repository for users, synchronize accounts from the third-party service.

    For details, refer to Sync identities.

Use this node after collecting the authentication credentials. For example, use the Platform Username node and the Platform Password node to collect the username and password.

Pass the credentials to this node to authenticate the identity against the service.

Outcomes

  • Authenticated

  • Missing Input

  • Failed

Properties

| Property | Usage |
|---|---|
| System Endpoint | Required. Name of the connector to the third-party service that performs authentication. |
| Object Type | The OpenICF object type for the object being authenticated. Default: account |
| Identity Attribute | The username attribute for authentication. Default: userName |
| Password Attribute | The password attribute for authentication. Default: password |

Example

Before trying this example, synchronize accounts from the third-party service. The example shows a login flow that tries pass-through authentication when local authentication fails, and stores the user password when authentication with the third-party service succeeds.

In this example, the user enters their credentials with the Platform Username node and Platform Password node. The Data Store Decision node authenticates against the platform directory service. On failure, authentication passes through to the third-party service. On success, the Identify Existing User node and Required Attributes Present node check for a valid user profile. The Patch Object node updates the user’s profile with the successful password:

Figure: Passthrough authentication that updates user credentials

Table 1. List of node connections

| Source node | Outcome path | Target node |
|---|---|---|
| Page Node containing: Platform Username, Platform Password | | Data Store Decision |
| Data Store Decision | True | Passthrough Authentication |
| | False | Increment Login Count |
| Passthrough Authentication | Authenticated | Identify Existing User |
| | Missing Input | Page Node |
| | Failed | Failure |
| Identify Existing User | True | Required Attributes Present |
| | False | Increment Login Count |
| Required Attributes Present | True | Patch Object |
| | False | Increment Login Count |
| Patch Object | Patched | Increment Login Count |
| | Failed | Increment Login Count |
| Increment Login Count | | Inner Tree Evaluator |
| Inner Tree Evaluator | True | Success |
| | False | Failure |
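
The following added example is not ForgeRock code. It is a small Python model of the login flow as the example's prose describes it: local authentication first, pass-through on local failure, and the password stored locally once the third-party service accepts it. The LEGACY and LOCAL stores, the REQUIRED attribute list, the PBKDF2 hashing and the function names are assumptions made for illustration; Increment Login Count and Inner Tree Evaluator are left out.

```python
import hashlib
import hmac
import os

# Constructed sample data. LEGACY stands in for the third-party service behind
# the connector; LOCAL holds synchronized profiles with no password stored yet.
LEGACY = {"bjensen": "Th3Password"}
LOCAL = {"bjensen": {"userName": "bjensen", "mail": "bjensen@example.com", "password": None}}
REQUIRED = ("userName", "mail")  # assumed required profile attributes

def hash_password(password, salt=None):
    # Assumed storage scheme for this model: salted PBKDF2-HMAC-SHA256.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def data_store_decision(user, password):
    """Local check: True only if a stored hash exists and matches."""
    stored = (LOCAL.get(user) or {}).get("password")
    if not stored or not password:
        return False
    salt, digest = stored
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def passthrough_authentication(user, password):
    """Mirrors the node's three outcomes against the stand-in service."""
    if not user or not password:
        return "Missing Input"
    secret = LEGACY.get(user)
    ok = secret is not None and hmac.compare_digest(secret.encode(), password.encode())
    return "Authenticated" if ok else "Failed"

def login(user, password):
    """Return (result, nodes visited) for one pass through the flow."""
    path = ["Data Store Decision"]
    if data_store_decision(user, password):
        return "Success", path
    path.append("Passthrough Authentication")
    outcome = passthrough_authentication(user, password)
    if outcome != "Authenticated":
        return outcome, path  # "Missing Input" re-prompts, "Failed" ends the flow
    profile = LOCAL.get(user)  # Identify Existing User
    if profile and all(profile.get(a) for a in REQUIRED):  # Required Attributes Present
        profile["password"] = hash_password(password)  # Patch Object
        path.append("Patch Object")
    return "Success", path
```

After the first successful pass-through login, the same credentials authenticate locally, so the third-party service is no longer consulted for that user.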

Copyright © 2010-2022 ForgeRock, all rights reserved.