Configure an authentication journey to always run
You can set a journey to execute regardless of whether a user has already authenticated successfully
and a session exists or not.
If enabled, the journey runs even when the session was created through a different journey and
irrespective of the value of the ForceAuth parameter.
If you have configured an app journey, for example, by associating a journey with a SAML 2.0 application, then you don’t need to configure the journey to always run because this is default functionality for app journeys.
| Don’t configure a journey to always run when it’s set as the default journey or when it’s mapped to the default ACR. |
If a user successfully logs in using a specific authentication journey and then tries to reauthenticate to the same journey while the session is still valid, the default behavior is for the authentication flow to skip the processing of the journey.
For example, the Set Session Properties node is never run in this scenario:
Set the mustRun property to true in the journey configuration by sending a PUT request to the /trees endpoint.
Include the journey ID and all the nodes in the journey.
Example
$ curl \
--header "Content-Type: application/json" \
--header "<session-cookie-name>: AQIC5..." \
--header 'accept-api-version: protocol=2.1,resource=1.0' \
--header "If-Match: *" \
--request PUT \
--data '
{
"entryNodeId": "83fa0ce2-1b0f-4f8f-83fb-0d2648339797",
"nodes": {
"83fa0ce2-1b0f-4f8f-83fb-0d2648339797": {
"displayName": "Page Node",
"nodeType": "PageNode",
"x": 437,
"y": 187,
"connections": {
"outcome": "8113abc2-9bbe-4510-a676-bb4cb1dba6a6"
}
},
"2e0fb163-98d1-4ae1-88da-24d7f39cee1e": {
"displayName": "Set Session Properties",
"nodeType": "SetSessionPropertiesNode",
"x": 468,
"y": 20,
"connections": {
"outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0"
}
},
"adec5f3d-db07-4e2d-bd9e-2aedfe95b636": {
"displayName": "Scripted Decision",
"nodeType": "ScriptedDecisionNode",
"x": 38,
"y": 113,
"connections": {
"noSession": "83fa0ce2-1b0f-4f8f-83fb-0d2648339797",
"sessionExists": "2e0fb163-98d1-4ae1-88da-24d7f39cee1e"
}
},
"8113abc2-9bbe-4510-a676-bb4cb1dba6a6": {
"displayName": "Identity Store Decision",
"nodeType": "IdentityStoreDecisionNode",
"x": 686,
"y": 214,
"connections": {
"locked": "e301438c-0bd0-429c-ab0c-66126501069a",
"cancelled": "e301438c-0bd0-429c-ab0c-66126501069a",
"expired": "e301438c-0bd0-429c-ab0c-66126501069a",
"false": "e301438c-0bd0-429c-ab0c-66126501069a",
"true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0"
}
}
},
"mustRun": true
}' \
'https://<tenant-env-fqdn>/am/json/realms/root/realms/alpha/realm-config/authentication/authenticationtrees/trees/myAuthTree"
{
"_id": "myAuthTree",
"_rev": "71943491",
"uiConfig": {},
"entryNodeId": "83fa0ce2-1b0f-4f8f-83fb-0d2648339797",
"innerTreeOnly": false,
"nodes": {
"83fa0ce2-1b0f-4f8f-83fb-0d2648339797": {
"displayName": "Page Node",
"nodeType": "PageNode",
"x": 437,
"y": 187,
"connections": {
"outcome": "8113abc2-9bbe-4510-a676-bb4cb1dba6a6"
}
},
"2e0fb163-98d1-4ae1-88da-24d7f39cee1e": {
"displayName": "Set Session Properties",
"nodeType": "SetSessionPropertiesNode",
"x": 468,
"y": 20,
"connections": {
"outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0"
}
},
"adec5f3d-db07-4e2d-bd9e-2aedfe95b636": {
"displayName": "Scripted Decision",
"nodeType": "ScriptedDecisionNode",
"x": 38,
"y": 113,
"connections": {
"noSession": "83fa0ce2-1b0f-4f8f-83fb-0d2648339797",
"sessionExists": "2e0fb163-98d1-4ae1-88da-24d7f39cee1e"
}
},
"8113abc2-9bbe-4510-a676-bb4cb1dba6a6": {
"displayName": "Identity Store Decision",
"nodeType": "IdentityStoreDecisionNode",
"x": 686,
"y": 214,
"connections": {
"locked": "e301438c-0bd0-429c-ab0c-66126501069a",
"cancelled": "e301438c-0bd0-429c-ab0c-66126501069a",
"expired": "e301438c-0bd0-429c-ab0c-66126501069a",
"false": "e301438c-0bd0-429c-ab0c-66126501069a",
"true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0"
}
}
},
"staticNodes": {
"startNode": {
"x": 20,
"y": 20
},
"70e691a5-1e33-4ac3-a356-e7b6d60d92e0": {
"x": 913,
"y": 31
},
"e301438c-0bd0-429c-ab0c-66126501069a": {
"x": 932,
"y": 305
}
},
"mustRun": true,
"enabled": true
}