Identity Cloud

Login with self-service

The ForgeRock Identity Platform login flow is set up to use self-service, as in the sample Login journey. This journey lets users log in using their Identity Cloud credentials and increment a login counter. Users are then sent through a separate progressive profile journey. The login journey can be expanded to include other features, such as support for identity providers. For more details, refer to Social authentication.

Example login journey

The following nodes are associated with login journeys:

Platform Username node

The Platform Username node is used in both login and registration journeys. It collects the username of the user.

Platform Password node

The Platform Password node is used in both login and registration journeys. It collects the password of the user.

Data Store Decision node

The Data Store Decision node takes a username and password and validates they match an existing user in the configured data store (in this case, an IDM managed user).

Configure social identity providers

To include social identity providers as a method of authentication, configure the Social Identity Provider Service in AM to include either some form of social registration or social account claiming. For more information, refer to Social authentication. Once this is set up, add social identity provider support to your login journey.

  1. To get started with social logins, you can create a new journey, modify the existing login journey, or duplicate the login journey and modify that.

    This example uses the following nodes:

  2. Connect the starting node to the Page node.

  3. Connect the Social Authentication output on the Page node to the Social Provider Handler node.

  4. On the Social Provider Handler node, connect the Account Exists output to the Increment Login Count node. Connect the No Account Exists output to the Failure node.

  5. On the Page node, connect the Local Authentication node to the Data Store Decision node.

  6. On the Data Store Decision node, connect the True output to the Increment Login Count node. Connect the False output to the Failure node.

  7. Connect the Increment Login Count node to the Inner Tree Evaluator node node.

  8. The Inner Tree Evaluator node node points to another journey, letting you chain multiple journeys together.

    By default, this is set to point to the ProgressiveProfile journey. For more information about progressive profiles, refer to Progressive profile.

    Connect the Inner Tree Evaluator node node to the Success node.

The resulting login journey will look something like this:

Example login journey with social identity providers enabled

Example login REST output

When calling a login self-service endpoint, you will receive a JSON object back, containing callbacks for each of the nodes included in the login journey.

Sample JSON callbacks
{
  "authId": "<omitted for length>",
  "callbacks": [
    {
      "type": "ValidatedCreateUsernameCallback",
      "output": [
        {
          "name": "policies",
          "value": {}
        },
        {
          "name": "failedPolicies",
          "value": []
        },
        {
          "name": "validateOnly",
          "value": false
        },
        {
          "name": "prompt",
          "value": "Username"
        }
      ],
      "input": [
        {
          "name": "IDToken1",
          "value": ""
        },
        {
          "name": "IDToken1validateOnly",
          "value": false
        }
      ],
      "_id": 0
    },
    {
      "type": "ValidatedCreatePasswordCallback",
      "output": [
        {
          "name": "echoOn",
          "value": false
        },
        {
          "name": "policies",
          "value": {}
        },
        {
          "name": "failedPolicies",
          "value": []
        },
        {
          "name": "validateOnly",
          "value": false
        },
        {
          "name": "prompt",
          "value": "Password"
        }
      ],
      "input": [
        {
          "name": "IDToken2",
          "value": ""
        },
        {
          "name": "IDToken2validateOnly",
          "value": false
        }
      ],
      "_id": 1
    }
  ],
  "header": "Sign In",
  "description": "New here? <a href=\"#/service/Registration\">Create an account</a><br><a href=\"#/service/ForgottenUsername\">Forgot username?</a> <a href=\"#/service/ResetPassword\">Forgot password?</a>"
}
Copyright © 2010-2022 ForgeRock, all rights reserved.