Failure node

The Failure node is a required element indicating the journey ended in failure.

Examples

All authentication journeys have a Failure node as one of their terminals.

Availability

Product	Available?
PingOne Advanced Identity Cloud	Yes
PingAM (self-managed)	Yes
Ping Identity Platform (self-managed)	Yes

Product

Available?

PingOne Advanced Identity Cloud

Yes

PingAM (self-managed)

Yes

Ping Identity Platform (self-managed)

Yes

Inputs

The failure outcomes of any preceding nodes.

Dependencies

None.

Configuration

This node has no configurable properties.

Outputs

None. The authentication journey ends in failure.

Outcomes

The authentication journey completes, ending in failure, and the user is redirected to a failure URL.

Find more information in Failure URL precedence.

Errors

The error depends on the Login Failure Lockout Mode setting for the realm.

You can change this under Native Consoles > Access Management > Realms > Realm Name > Authentication > Settings > Account Lockout > Login Failure Lockout Mode.

Without the setting enabled, by default, the node returns an error with a message such as the following:

{"code":401,"reason":"Unauthorized","message":"Login failure"}

With the setting enabled, the node checks the invalid attempts property of the user profile and does the following:

Returns a warning message if the number of failed attempts is equal to or greater than the Authentication > Settings > Account Lockout > Warn User After N Failures setting:
```
{
  "code": 401,
  "reason": "Unauthorized",
  "message": "Warning: You will be locked out after 1 more failure(s).",
  "detail": {
    "failureUrl": ""
  }
}
```
Increments the failure count in the user profile.

Returns an error message if the account is Inactive:

{
  "code": 401,
  "reason": "Unauthorized",
  "message": "User Locked Out.",
  "detail": {
    "failureUrl": ""
  }
}

To troubleshoot an authentication failure, review the steps in the journey to find what caused the failure.

Authentication nodes