Identity Cloud

Platform Password node

The Platform Password node prompts the user to enter their password and stores it in a configurable property of the shared node state.

Compatibility

Product Compatible?

ForgeRock Identity Cloud

Yes

ForgeRock Access Management (self-managed)

Yes

ForgeRock Identity Platform (self-managed)

Yes

Inputs

This node uses the _id of the object for policy evaluation.

For existing users, the user’s _id must be in the shared state to evaluate user-specific policies, such as password history, cannot-contain-others, and so on. No _id is available for new users.

Dependencies

If this node’s Validate Password setting is enabled, the node relies on the underlying identity service for password policies.

Configuration

Property Usage

Validate Password

When enabled, this node uses the password policies in the underlying identity service to validate the user’s input. It returns any policy failures as errors.

For example, if you submitted an invalid password on registration, the response from this node would include a list of failed policies:

{
    "name": "failedPolicies",
    "value": [
        "{ \"params\": { \"minLength\": 8 }, \"policyRequirement\": \"MIN_LENGTH\" }",
        "{ \"params\": { \"numCaps\": 1 }, \"policyRequirement\": \"AT_LEAST_X_CAPITAL_LETTERS\" }",
        "{ \"params\": { \"numNums\": 1 }, \"policyRequirement\": \"AT_LEAST_X_NUMBERS\" }"
      ]
}

Default: disabled

Password Attribute

The attribute used to store a password in the managed identity object.

Default: password

Confirm Password

Enable this option to require the user to enter the password identically in a second field.

This property only appears when the node is placed within a Page node.

Default: disabled

Checkmark Policy Display

Enable this option to show a checkmark instead of faded bullet points on successful password validation.

This property only appears when the node is placed within a Page node.

Default: disabled

Outputs

On success, this node updates the Password Attribute property in the shared node state with the password.

The captured password is transient, persisting only until the authentication flow reaches the next node requiring user interaction. It may be persisted to the secure state if required later in the journey.

Outcomes

Single outcome path.

Errors

This node does not log error or warning messages of its own.

If it fails to get the result from the underlying identity service for a validation request, this node throws an exception with a Communication failure message.

Example

The following journey uses a Page node containing the Platform Username node and Platform Password node to collect the username and password and set their values in the shared node state:

Username and password authentication
Copyright © 2010-2024 ForgeRock, all rights reserved.