Inner Tree Evaluator node
The Inner Tree Evaluator node lets you nest authentication journeys as children within a parent. Use this node to break up complex authentication journeys into discrete elements, or to separate asynchronous parts of a journey. There’s no limit to the depth of nesting, so you can configure a journey within a journey within a journey.
Example
The following journey uses an Inner Tree Evaluator node for progressive profiling:

-
The Page node presents a page with input fields to prompt for the username and password.
-
The Platform Username node collects and injects the
userName
into the shared node state. -
The Platform Password node collects and injects the
password
into the shared node state.
-
-
The Data Store Decision node uses the username and password to determine whether authentication is successful.
-
The Increment Login Count node updates the login count on successful authentication.
-
The Inner Tree Evaluator node invokes a nested journey:

-
The Login Count Decision node triggers the rest of the journey depending on the login count and its settings.
-
The Query Filter Decision node determines whether managed object profile fields are still missing.
-
The Attribute Collector node in the Page node requests additional input for the profile.
-
The Patch Object node stores the additional input in the managed object profile.
-
If a node in the child journey throws an exception, the name of the node that failed and details of the exception are added to the node state of the Inner Tree Evaluator node and the journey proceeds to the
Error
outcome. -
A Scripted Decision node determines what action to take, based on the captured error:
-
If the child journey failed on the Attribute Collector node, the parent journey displays the message "Failed to collect attributes" and returns to the child journey to attempt attribute collection again.
-
If the child journey failed on any other node, the parent journey fails.
-
Availability
Product | Available? |
---|---|
PingOne Advanced Identity Cloud |
Yes |
PingAM (self-managed) |
Yes |
Ping Identity Platform (self-managed) |
Yes |
Inputs
Any information collected or set by the parent journey, such as a username or the authentication level, is available in the child journeys.
Learn more in the documentation on shared state data for:
Configuration
Property | Usage |
---|---|
Tree Name |
Select or enter the name of the authentication journey to evaluate. You must set this value; there’s no default. |
Error Outcome |
If an exception occurs during the evaluation of the child journey, this option lets you capture the exception details. Setting this option creates an
You can attach this output to a node that processes the error information. If you don’t select Error Outcome in the node configuration, the exception is propagated to the parent journey instead, so you might lose the details of what caused the error. |
Outputs
If you select the Error Outcome option and an exception occurs during the evaluation of the child journey, the following details are captured in the shared state:
-
The node that failed
-
The exact error message from the failed node
Shared state data collected by child journeys is available to the parent when evaluation of the child is complete. Data stored in transient and secure state is not. For example, if a child journey collects and stores the user’s password in transient state, that password can’t be retrieved by a node in the parent journey when evaluation continues. Learn more in the documentation on shared state data for: |