--- title: AuthTree description: Authentication trees. component: pingam version: 8.1 page_id: pingam:entity-reference:sec-amster-entity-authtree canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-authtree.html section_ids: sec-amster-entity-authtree-realm-ops: Realm Operations sec-amster-entity-authtree-realm-ops-clone: clone sec-amster-entity-authtree-realm-ops-create: create sec-amster-entity-authtree-realm-ops-delete: delete sec-amster-entity-authtree-realm-ops-getalltypes: getAllTypes sec-amster-entity-authtree-realm-ops-getcreatabletypes: getCreatableTypes sec-amster-entity-authtree-realm-ops-getids: getIds sec-amster-entity-authtree-realm-ops-nextdescendents: nextdescendents sec-amster-entity-authtree-realm-ops-query: query sec-amster-entity-authtree-realm-ops-read: read sec-amster-entity-authtree-realm-ops-update: update sec-amster-entity-authtree-realm-ops-validate: validate sec-amster-entity-authtree-realm-ops-validatetree: validateTree --- # AuthTree ## Realm Operations Authentication trees. Resource path: ``` /realm-config/authentication/authenticationtrees/trees ``` Resource version: `0.0` ### clone Creates a new tree and underlying set of nodes with the same node configurations as the cloned tree. **Usage** ``` am> action AuthTree --realm Realm --body body --actionName clone ``` **Parameters** * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "type" : "object", "properties" : { "newId" : { "type" : "string", "title" : "New Tree ID", "description" : "The ID for the tree that will be created." } } } ``` ### create **Usage** ``` am> create AuthTree --realm Realm --id id --body body ``` **Parameters** * *\--id* The unique identifier for the resource. * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "description" : "A tree contains a set of nodes and their connections.", "type" : "object", "title" : "Authentication Tree", "properties" : { "description" : { "type" : "string", "title" : "Description", "description" : "A description of the tree." }, "enabled" : { "type" : "boolean", "title" : "Enabled", "description" : "Whether the tree is enabled." }, "innerTreeOnly" : { "type" : "boolean", "title" : "Inner Tree Only", "description" : "Whether the tree can be executed only as an inner tree." }, "mustRun" : { "type" : "boolean", "title" : "Must Run", "description" : "Whether this tree must run, regardless of whether it has already been used to authenticate." }, "maximumSessionTime" : { "type" : "number", "title" : "Maximum Session Time", "description" : "Maximum time, in minutes, that a session can remain valid before the user must reauthenticate." }, "maximumIdleTime" : { "type" : "number", "title" : "Maximum Idle Time", "description" : "Maximum time, in minutes, that a server-side session can remain idle before the user must reauthenticate." }, "treeTimeout" : { "type" : "number", "title" : "Max duration", "description" : "The maximum duration an authentication session is valid. The duration starts from the time the authentication session is generated and lasts for the number of minutes specified." }, "transactionalOnly" : { "type" : "boolean", "title" : "Transactional Only", "description" : "Whether the tree can only be executed via a transaction auth type." }, "noSession" : { "type" : "boolean", "title" : "No Session", "description" : "If set the tree will never create a session on completion" }, "nodes" : { "type" : "object", "title" : "Nodes", "description" : "A map of node ID to node association details.", "patternProperties" : { ".*" : { "type" : "object", "title" : "Node", "description" : "A association of a node with a tree.", "properties" : { "connections" : { "type" : "object", "title" : "Connections", "description" : "The node's connected outcomes.", "patternProperties" : { ".*" : { "type" : "string", "title" : "Node ID", "description" : "The ID of the node that this outcome connects to." } } }, "x" : { "type" : "string", "title" : "tree.node.x", "description" : "tree.node.x.description" }, "y" : { "type" : "string", "title" : "tree.node.y", "description" : "tree.node.y.description" }, "_outcomes" : { "type" : "array", "title" : "Outcomes", "description" : "The node's complete set of outcomes.", "readOnly" : true, "items" : { "type" : "object", "title" : "Outcome", "description" : "A possible outcome of the node.", "readOnly" : true, "properties" : { "id" : { "type" : "string", "title" : "ID", "description" : "The identifier of the outcome.", "readOnly" : true }, "displayName" : { "type" : "string", "title" : "Display Name", "description" : "The display name of the outcome, in the requester's preferred locale.", "readOnly" : true } } } } } } } }, "staticNodes" : { "type" : "object", "title" : "Static Nodes", "description" : "A map of node ID to node layout positions for the static nodes, start, success and failure.", "patternProperties" : { ".*" : { "type" : "object", "title" : "Node", "description" : "A association of a node with a tree.", "properties" : { "x" : { "type" : "string", "title" : "tree.node.x", "description" : "tree.node.x.description" }, "y" : { "type" : "string", "title" : "tree.node.y", "description" : "tree.node.y.description" } } } } }, "uiConfig" : { "type" : "object", "title" : "UI Configuration", "description" : "Optional key-value map to hold implementation-specific client properties.", "patternProperties" : { ".*" : { "type" : "string" } } }, "identityResource" : { "type" : "string", "title" : "Identity Resource", "description" : "Optional IDM identity resource, e.g. managed/user." } } } ``` ### delete **Usage** ``` am> delete AuthTree --realm Realm --id id ``` **Parameters** * *\--id* The unique identifier for the resource. ### getAllTypes Obtain the collection of all secondary configuration types related to the resource. **Usage** ``` am> action AuthTree --realm Realm --actionName getAllTypes ``` ### getCreatableTypes Obtain the collection of secondary configuration types that have yet to be added to the resource. **Usage** ``` am> action AuthTree --realm Realm --actionName getCreatableTypes ``` ### getIds Get the names of each tree configured in this realm. **Usage** ``` am> action AuthTree --realm Realm --actionName getIds ``` ### nextdescendents Obtain the collection of secondary configuration instances that have been added to the resource. **Usage** ``` am> action AuthTree --realm Realm --actionName nextdescendents ``` ### query Query for all authentication trees. Only a query filter of 'true' is supported. **Usage** ``` am> query AuthTree --realm Realm --filter filter ``` **Parameters** * *\--filter* A CREST formatted query filter, where "true" will query all. ### read **Usage** ``` am> read AuthTree --realm Realm --id id ``` **Parameters** * *\--id* The unique identifier for the resource. ### update **Usage** ``` am> update AuthTree --realm Realm --id id --body body ``` **Parameters** * *\--id* The unique identifier for the resource. * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "description" : "A tree contains a set of nodes and their connections.", "type" : "object", "title" : "Authentication Tree", "properties" : { "description" : { "type" : "string", "title" : "Description", "description" : "A description of the tree." }, "enabled" : { "type" : "boolean", "title" : "Enabled", "description" : "Whether the tree is enabled." }, "innerTreeOnly" : { "type" : "boolean", "title" : "Inner Tree Only", "description" : "Whether the tree can be executed only as an inner tree." }, "mustRun" : { "type" : "boolean", "title" : "Must Run", "description" : "Whether this tree must run, regardless of whether it has already been used to authenticate." }, "maximumSessionTime" : { "type" : "number", "title" : "Maximum Session Time", "description" : "Maximum time, in minutes, that a session can remain valid before the user must reauthenticate." }, "maximumIdleTime" : { "type" : "number", "title" : "Maximum Idle Time", "description" : "Maximum time, in minutes, that a server-side session can remain idle before the user must reauthenticate." }, "treeTimeout" : { "type" : "number", "title" : "Max duration", "description" : "The maximum duration an authentication session is valid. The duration starts from the time the authentication session is generated and lasts for the number of minutes specified." }, "transactionalOnly" : { "type" : "boolean", "title" : "Transactional Only", "description" : "Whether the tree can only be executed via a transaction auth type." }, "noSession" : { "type" : "boolean", "title" : "No Session", "description" : "If set the tree will never create a session on completion" }, "nodes" : { "type" : "object", "title" : "Nodes", "description" : "A map of node ID to node association details.", "patternProperties" : { ".*" : { "type" : "object", "title" : "Node", "description" : "A association of a node with a tree.", "properties" : { "connections" : { "type" : "object", "title" : "Connections", "description" : "The node's connected outcomes.", "patternProperties" : { ".*" : { "type" : "string", "title" : "Node ID", "description" : "The ID of the node that this outcome connects to." } } }, "x" : { "type" : "string", "title" : "tree.node.x", "description" : "tree.node.x.description" }, "y" : { "type" : "string", "title" : "tree.node.y", "description" : "tree.node.y.description" }, "_outcomes" : { "type" : "array", "title" : "Outcomes", "description" : "The node's complete set of outcomes.", "readOnly" : true, "items" : { "type" : "object", "title" : "Outcome", "description" : "A possible outcome of the node.", "readOnly" : true, "properties" : { "id" : { "type" : "string", "title" : "ID", "description" : "The identifier of the outcome.", "readOnly" : true }, "displayName" : { "type" : "string", "title" : "Display Name", "description" : "The display name of the outcome, in the requester's preferred locale.", "readOnly" : true } } } } } } } }, "staticNodes" : { "type" : "object", "title" : "Static Nodes", "description" : "A map of node ID to node layout positions for the static nodes, start, success and failure.", "patternProperties" : { ".*" : { "type" : "object", "title" : "Node", "description" : "A association of a node with a tree.", "properties" : { "x" : { "type" : "string", "title" : "tree.node.x", "description" : "tree.node.x.description" }, "y" : { "type" : "string", "title" : "tree.node.y", "description" : "tree.node.y.description" } } } } }, "uiConfig" : { "type" : "object", "title" : "UI Configuration", "description" : "Optional key-value map to hold implementation-specific client properties.", "patternProperties" : { ".*" : { "type" : "string" } } }, "identityResource" : { "type" : "string", "title" : "Identity Resource", "description" : "Optional IDM identity resource, e.g. managed/user." } } } ``` ### validate Validates a tree giving errors and warnings. **Usage** ``` am> action AuthTree --realm Realm --body body --actionName validate ``` **Parameters** * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "description" : "A tree contains a set of nodes and their connections.", "type" : "object", "title" : "Authentication Tree", "properties" : { "description" : { "type" : "string", "title" : "Description", "description" : "A description of the tree." }, "enabled" : { "type" : "boolean", "title" : "Enabled", "description" : "Whether the tree is enabled." }, "innerTreeOnly" : { "type" : "boolean", "title" : "Inner Tree Only", "description" : "Whether the tree can be executed only as an inner tree." }, "mustRun" : { "type" : "boolean", "title" : "Must Run", "description" : "Whether this tree must run, regardless of whether it has already been used to authenticate." }, "maximumSessionTime" : { "type" : "number", "title" : "Maximum Session Time", "description" : "Maximum time, in minutes, that a session can remain valid before the user must reauthenticate." }, "maximumIdleTime" : { "type" : "number", "title" : "Maximum Idle Time", "description" : "Maximum time, in minutes, that a server-side session can remain idle before the user must reauthenticate." }, "treeTimeout" : { "type" : "number", "title" : "Max duration", "description" : "The maximum duration an authentication session is valid. The duration starts from the time the authentication session is generated and lasts for the number of minutes specified." }, "transactionalOnly" : { "type" : "boolean", "title" : "Transactional Only", "description" : "Whether the tree can only be executed via a transaction auth type." }, "noSession" : { "type" : "boolean", "title" : "No Session", "description" : "If set the tree will never create a session on completion" }, "nodes" : { "type" : "object", "title" : "Nodes", "description" : "A map of node ID to node association details.", "patternProperties" : { ".*" : { "type" : "object", "title" : "Node", "description" : "A association of a node with a tree.", "properties" : { "connections" : { "type" : "object", "title" : "Connections", "description" : "The node's connected outcomes.", "patternProperties" : { ".*" : { "type" : "string", "title" : "Node ID", "description" : "The ID of the node that this outcome connects to." } } }, "x" : { "type" : "string", "title" : "tree.node.x", "description" : "tree.node.x.description" }, "y" : { "type" : "string", "title" : "tree.node.y", "description" : "tree.node.y.description" }, "_outcomes" : { "type" : "array", "title" : "Outcomes", "description" : "The node's complete set of outcomes.", "readOnly" : true, "items" : { "type" : "object", "title" : "Outcome", "description" : "A possible outcome of the node.", "readOnly" : true, "properties" : { "id" : { "type" : "string", "title" : "ID", "description" : "The identifier of the outcome.", "readOnly" : true }, "displayName" : { "type" : "string", "title" : "Display Name", "description" : "The display name of the outcome, in the requester's preferred locale.", "readOnly" : true } } } } } } } }, "staticNodes" : { "type" : "object", "title" : "Static Nodes", "description" : "A map of node ID to node layout positions for the static nodes, start, success and failure.", "patternProperties" : { ".*" : { "type" : "object", "title" : "Node", "description" : "A association of a node with a tree.", "properties" : { "x" : { "type" : "string", "title" : "tree.node.x", "description" : "tree.node.x.description" }, "y" : { "type" : "string", "title" : "tree.node.y", "description" : "tree.node.y.description" } } } } }, "uiConfig" : { "type" : "object", "title" : "UI Configuration", "description" : "Optional key-value map to hold implementation-specific client properties.", "patternProperties" : { ".*" : { "type" : "string" } } }, "identityResource" : { "type" : "string", "title" : "Identity Resource", "description" : "Optional IDM identity resource, e.g. managed/user." } } } ``` ### validateTree Validates a tree giving errors and warnings. **Usage** ``` am> action AuthTree --realm Realm --body body --actionName validateTree ``` **Parameters** * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "description" : "A tree contains a set of nodes and their connections.", "type" : "object", "title" : "Authentication Tree", "properties" : { "description" : { "type" : "string", "title" : "Description", "description" : "A description of the tree." }, "enabled" : { "type" : "boolean", "title" : "Enabled", "description" : "Whether the tree is enabled." }, "innerTreeOnly" : { "type" : "boolean", "title" : "Inner Tree Only", "description" : "Whether the tree can be executed only as an inner tree." }, "mustRun" : { "type" : "boolean", "title" : "Must Run", "description" : "Whether this tree must run, regardless of whether it has already been used to authenticate." }, "maximumSessionTime" : { "type" : "number", "title" : "Maximum Session Time", "description" : "Maximum time, in minutes, that a session can remain valid before the user must reauthenticate." }, "maximumIdleTime" : { "type" : "number", "title" : "Maximum Idle Time", "description" : "Maximum time, in minutes, that a server-side session can remain idle before the user must reauthenticate." }, "treeTimeout" : { "type" : "number", "title" : "Max duration", "description" : "The maximum duration an authentication session is valid. The duration starts from the time the authentication session is generated and lasts for the number of minutes specified." }, "transactionalOnly" : { "type" : "boolean", "title" : "Transactional Only", "description" : "Whether the tree can only be executed via a transaction auth type." }, "noSession" : { "type" : "boolean", "title" : "No Session", "description" : "If set the tree will never create a session on completion" }, "nodes" : { "type" : "object", "title" : "Nodes", "description" : "A map of node ID to node association details.", "patternProperties" : { ".*" : { "type" : "object", "title" : "Node", "description" : "A association of a node with a tree.", "properties" : { "connections" : { "type" : "object", "title" : "Connections", "description" : "The node's connected outcomes.", "patternProperties" : { ".*" : { "type" : "string", "title" : "Node ID", "description" : "The ID of the node that this outcome connects to." } } }, "x" : { "type" : "string", "title" : "tree.node.x", "description" : "tree.node.x.description" }, "y" : { "type" : "string", "title" : "tree.node.y", "description" : "tree.node.y.description" }, "_outcomes" : { "type" : "array", "title" : "Outcomes", "description" : "The node's complete set of outcomes.", "readOnly" : true, "items" : { "type" : "object", "title" : "Outcome", "description" : "A possible outcome of the node.", "readOnly" : true, "properties" : { "id" : { "type" : "string", "title" : "ID", "description" : "The identifier of the outcome.", "readOnly" : true }, "displayName" : { "type" : "string", "title" : "Display Name", "description" : "The display name of the outcome, in the requester's preferred locale.", "readOnly" : true } } } } } } } }, "staticNodes" : { "type" : "object", "title" : "Static Nodes", "description" : "A map of node ID to node layout positions for the static nodes, start, success and failure.", "patternProperties" : { ".*" : { "type" : "object", "title" : "Node", "description" : "A association of a node with a tree.", "properties" : { "x" : { "type" : "string", "title" : "tree.node.x", "description" : "tree.node.x.description" }, "y" : { "type" : "string", "title" : "tree.node.y", "description" : "tree.node.y.description" } } } } }, "uiConfig" : { "type" : "object", "title" : "UI Configuration", "description" : "Optional key-value map to hold implementation-specific client properties.", "patternProperties" : { ".*" : { "type" : "string" } } }, "identityResource" : { "type" : "string", "title" : "Identity Resource", "description" : "Optional IDM identity resource, e.g. managed/user." } } } ```