Steps
The steps within a branch can be any of the available authentication mechanisms.
- Macros
  - While a step is running within a branch, the following macros are universally available:
    - @IN_BRANCH@: The name of the currently running branch.
    - @RETURN_ENABLED@: A flag indicating whether “Allow return to decision” is enabled on the decision.
- Operation Skipping
- When most authentication mechanisms are started, the mechanism first performs initialization before returning to the user for input. The input is then returned to the mechanism for processing with the operation field set to verify.
In the decision mapping rule, the operation of the first step in the chosen branch can be overwritten in the state variable:
state.put("operation", "verify");
This is useful for the case where the decision is intelligent enough to have already collected the information the mechanism requires. The out-of-the-box Username-less Login Policy makes use of this functionality. When the user is prompted to complete QR Login, they can choose to perform Username Password Authentication instead. The QR Login page is able to collect the username and password input from the user before returning to the authentication service, and to the decision mapping rule. The decision mapping rule then sets operation to verify to indicate to the first mechanism in the branch (Username Password) that it should attempt the verification step after initialization, instead of returning to the user for input. Overriding the operation may result in different outcomes based on the specific mechanism being run.
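The operation override described above, as an added JavaScript sketch (not code from the product or its shipped policy): the hypothetical `decide` function sets operation to verify only when the decision page has already supplied both credentials, and otherwise leaves the first step to prompt the user. The `State` stand-in, the branch names, and the `choice`, `username` and `password` field names are assumptions made so the sketch runs on its own.

```javascript
// Added illustration, not product code. Only the
// state.put("operation", "verify") call comes from the page.

// Stand-in for the rule's `state` variable (assumption) so this runs under Node.
class State {
  constructor() { this.values = new Map(); }
  put(key, value) { this.values.set(key, value); }
  get(key) { return this.values.has(key) ? this.values.get(key) : null; }
}

// Hypothetical branch names.
const BRANCH_PASSWORD = "Username Password";
const BRANCH_QR = "QR Code";

// Choose a branch. Override the first step's operation only when the
// decision page already collected everything that step needs.
function decide(params, state) {
  if (params.choice !== "password") {
    return BRANCH_QR; // first step initializes and prompts as usual
  }
  const username =
    typeof params.username === "string" ? params.username.trim() : "";
  const password =
    typeof params.password === "string" ? params.password : "";
  if (username.length > 0 && password.length > 0) {
    // Both inputs present: ask the mechanism to verify right after init.
    state.put("operation", "verify");
  }
  // With missing input, operation stays untouched and the mechanism prompts.
  return BRANCH_PASSWORD;
}
```

Guarding the override this way keeps the mechanism from being pushed into its verification step with empty input, where, as noted above, the outcome depends on the specific mechanism.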