Auth node reference

Inner Tree Evaluator node

The Inner Tree Evaluator node lets you nest authentication journeys as children within a parent. Use this node to break up complex authentication journeys into discrete elements, or to separate asynchronous parts of a journey. There’s no limit to the depth of nesting, so you can configure a journey within a journey within a journey.

Example

The following journey uses an Inner Tree Evaluator node for progressive profiling:

Login with progressive profiling
Progressive profiling journey

  • The Login Count Decision node triggers the rest of the journey depending on the login count and its settings.

  • The Query Filter Decision node determines whether managed object profile fields are still missing.

  • The Attribute Collector node in the Page node requests additional input for the profile.

  • The Patch Object node stores the additional input in the managed object profile.

  • If a node in the child journey throws an exception, the name of the node that failed and details of the exception are added to the node state of the Inner Tree Evaluator node and the journey proceeds to the Error outcome.

  • A Scripted Decision node determines what action to take, based on the captured error:

    • If the child journey failed on the Attribute Collector node, the parent journey displays the message "Failed to collect attributes" and returns to the child journey to attempt attribute collection again.

    • If the child journey failed on any other node, the parent journey fails.

Availability

Product Available?

PingOne Advanced Identity Cloud

Yes

PingAM (self-managed)

Yes

Ping Identity Platform (self-managed)

Yes

Inputs

Any information collected or set by the parent journey, such as a username or the authentication level, is available in the child journeys.

Learn more in the documentation on shared state data for:

Dependencies

None.

Configuration

Property Usage

Tree Name

Select or enter the name of the authentication journey to evaluate.

You must set this value; there’s no default.

Error Outcome

If an exception occurs during the evaluation of the child journey, this option lets you capture the exception details. Setting this option creates an Error outcome on the node, that you can use to extract the details of the exception from the node state. The following details are captured in the state:

  • The node that failed

  • The exact error message from the failed node

You can attach this output to a node that processes the error information.

If you don’t select Error Outcome in the node configuration, the exception is propagated to the parent journey instead, so you might lose the details of what caused the error.

Outputs

If you select the Error Outcome option and an exception occurs during the evaluation of the child journey, the following details are captured in the shared state:

  • The node that failed

  • The exact error message from the failed node

Shared state data collected by child journeys is available to the parent when evaluation of the child is complete. Data stored in transient and secure state is not.

For example, if a child journey collects and stores the user’s password in transient state, that password can’t be retrieved by a node in the parent journey when evaluation continues.

Learn more in the documentation on shared state data for:

Outcomes

True

Successfully reached the Success node of the child.

False

Any other case.

Error

Only displayed if Error Outcome is selected in the node configuration.

This outcome lets you capture the exception details if an exception occurs during the evaluation of the child journey.

Errors

  • If it can’t get the shared node state from the child journey, this node logs an Exception when gathering inner tree inputs message.

  • If the Tree Name doesn’t match an existing journey, the node throws an exception with the following message:

    Configured tree does not exist: journey-name