Data Store Decision node
The Data Store Decision node checks that the credentials provided during authentication match the ones stored in the configured data store for the realm.
Compatibility
Product | Compatible? |
---|---|
Advanced Identity Cloud |
Yes |
PingAM (self-managed) |
Yes |
Ping Identity Platform (self-managed) |
Yes |
Inputs
This node requires the realm
, username
, and password
properties in the incoming node state.
You can implement the following nodes as inputs to the Data Store Decision node:
Dependencies
The Data Store Decision node is a basic node used in many authentication application types, such as basic, push, OAuth 2.0, and social provider authentication applications.
Outcomes
Returns a boolean outcome:
True
-
The credentials match those found in the data store.
False
-
The credentials do not match those found in the data store.
Errors
The following Data Store Decision node warnings and errors can appear in the logs:
- Warnings
-
-
"invalid password error"
-
"invalid username error"
-
- Errors
-
-
"Exception in data store decision node"
-
Examples
Example 1: Simple username and password collector nodes with Data Store Decision node
This example illustrates a simple login process. The journey involves a Page node that contains two embedded nodes: Platform Username node and Platform Password node. To enhance user experience, the Page node lets users input their username and password on a single page, instead of splitting them across two different pages.
The Data Store Decision node has two outcomes: True
or False
.
When the outcome is True
, it triggers a Login Count Decision node.
The Increment Login Count node then moves to an Inner Tree Evaluator node, which performs additional login processes.
The False
outcome connects directly to a failure node,
indicating a failed state where the username and/or password provided by the user did not match the information stored
in the data store.
Example 2: Grant the user several attempts to enter their credentials correctly
In the following example, when an authentication attempt fails at the Data Store Decision node, you can direct it to a Retry Limit Decision node. The Retry Limit Decision node determines the number of retries allowed and either retries the login attempt or rejects it. If the journey rejects the login attempt after reaching the configured limit, for example three attempts, the operation results in an account lockout.
Additional information
The following are alternate nodes that you can use in your journeys depending on your specific use cases:
-
The LDAP Decision node supports LDAP Behera Password Policies with separate outcomes for accounts that are locked and passwords that have expired.
-
In Advanced Identity Cloud applications, the Identity Store Decision node is an enhanced node with additional outcomes. Use this node if your authentication journey needs more functionality than a simple
True
orFalse
outcome.