Access Management 7.3.1

Metadata annotation

The annotation specifies two required attributes: the outcomeProvider and the configClass. Typically, the configClass attribute is an inner interface in the node implementation class.

Optionally, you can also specify a class as a configValidator, and tags to categorize the node type for display in the UI.

outcomeProvider

The class that defines the possible outcomes.

The abstract implementations of the node interface, org.forgerock.openam.auth.node.api.SingleOutcomeNode and org.forgerock.openam.auth.node.api.AbstractDecisionNode, define outcome providers you can use for simple use cases. Provide your own implementation for more complex use cases.

For example, the following is the custom outcome provider from the LDAP Decision node, which has True, False, Locked, Cancelled, and Expired exit paths:

/**
* Defines the possible outcomes from this Ldap node.
*/
public static class LdapOutcomeProvider implements OutcomeProvider {
  @Override
  public List<Outcome> getOutcomes(PreferredLocales locales, JsonValue nodeAttributes) {
    ResourceBundle bundle = locales.getBundleInPreferredLocale(LdapDecisionNode.BUNDLE,
    LdapOutcomeProvider.class.getClassLoader());
    return ImmutableList.of(
      new Outcome(LdapOutcome.TRUE.name(), bundle.getString("trueOutcome")),
      new Outcome(LdapOutcome.FALSE.name(), bundle.getString("falseOutcome")),
      new Outcome(LdapOutcome.LOCKED.name(), bundle.getString("lockedOutcome")),
      new Outcome(LdapOutcome.CANCELLED.name(), bundle.getString("cancelledOutcome")),
      new Outcome(LdapOutcome.EXPIRED.name(), bundle.getString("expiredOutcome")));
  }
}
configClass

The class name that contains the configuration of any attributes requested by the node when using it as part of a tree.

For more information, See Config interface.

configValidator

An optional class name used to validate the provided configuration.

tags

An optional list of tags to categorize the node within the tree designer view.

Tags are made up of one or more text strings that let users find the node more easily when designing trees. For example, you could include common pseudonyms for the functionality the node provides, such as mfa for a node that provides multi-factor authentication functionality.

The tree designer view organizes nodes into a number of categories, based on the presence of certain tag values, as described in the table below:

Authentication node tag categories
Category Tag Example nodes

Basic Authentication

"basic authentication"

Data Store Decision node
Username Collector node

MFA

"mfa"

Push Sender node
WebAuthn Authentication node

Risk

"risk"

Account Lockout node
CAPTCHA node

Behavioral

"behavioral"

Increment Login Count node
Login Count Decision node

Contextual

"contextual"

Cookie Presence Decision node
Set Persistent Cookie node

Federation

"federation"

OAuth 2.0 node
OpenID Connect node

Identity Management

"identity management"

Anonymous User Mapping node
Terms and Conditions Decision node

Utilities

"utilities"

Choice Collector node
Scripted Decision node

Nodes that aren’t tagged with one of these tags appear in an Uncategorized section.

For example, the @Node.Metadata annotation for Timer Start node places it in the Utilities section:

@Node.Metadata(outcomeProvider = SingleOutcomeNode.OutcomeProvider.class,
        configClass = TimerStartNode.Config.class,
        tags = {"metrics", "utilities"})

For more information on the @Node.Metadata annotation, see the Node.Metadata annotation type in the AM Public API Javadoc.