The Simple Way to Create an AM Authentication Node Project

What's that all about?

ForgeRock's Identity Platform Access Management introduced Authentication Trees for preview in version 5.5. Version 6.0 will see Authentication Trees and Nodes become an integral part of the product. This blog post will help you quickly and easily create an Authentication Tree Node project using Maven Archetypes.

About Authentication Trees and Nodes

Authentication trees provide fine-grained authentication by allowing multiple paths and decision points throughout the authentication flow. Authentication trees are made up of authentication nodes, which define actions taken during authentication, similar to authentication modules within chains. Authentication nodes are more granular than modules, with each node performing a single task such as collecting a username or making a simple decision. Unlike authentication modules, authentication nodes can have multiple outcomes rather than just success or failure. You can create complex yet customer-friendly authentication experiences by linking nodes together, creating loops, and nesting nodes within a tree. You can read more about Authentication Trees and Nodes in the ForgeRock documentation here. Note the link is to v5.5 documentation. There may be newer versions available.

Creating an Authentication Node

Because Authentication Nodes are fine-grained, you can end up writing lots of them to build a flexible custom authentication suite. The creation of the Maven project for each node can become an overhead, but fear not! There is a Maven archetype to help you set up a skeleton independent auth node project!

Using the Maven Archetype

The Maven archetype lives in the ForgeRock Maven repository. In order to use it you will need to set up your Maven environment to be able to authenticate to that repository. To be able to do that you will need a ForgeRock Backstage Account that is associated with either a customer subscription or a partner status.
To set up Maven you will need to download a preconfigured Maven settings.xml file as explained in this Backstage Knowledge Base article. Note: If you have previously downloaded your settings.xml file it could still be worth downloading it again, as the `profile` section of the settings.xml file required to access the archetype did not exist before mid Dec 2017.

I'm set up. Let's do this!

OK! Create your project;

mvn archetype:generate \
-DgroupId=<my-group-id> \
-DartifactId=<my-artefact-id> \
-Dversion=<my-version> \
-DpackageName=<my-package-id> \
-DauthNodeName=<my-auth-node-class-name> \
-DarchetypeArtifactId=auth-tree-node-archetype \
-DarchetypeVersion=5.5.0

Where you need to substitute values for the groupId, artifactId, version, packageName and authNodeName to suit your project.
groupId, artifactId & version are all pretty self-evident and will be used in the generation of the POMs for your project.
packageName defines the package in which your auth tree node classes will be generated.
authNodeName is used to name generated classes and in the generation of a file etc.
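
A batch helper for the parameters described above, as an added example that is not part of the original post or the archetype: it prints one non-interactive `mvn archetype:generate` command per node and rejects node or package names that are not legal Java identifiers before Maven runs. The function names, the derived artifactId and package scheme, and the sample values are assumptions; `-DinteractiveMode=false` is the archetype plugin's standard batch switch.

```shell
#!/bin/sh
# Added example: parameter names and archetype coordinates are the ones shown
# on this page; helper names and naming scheme are assumptions.
ARCHETYPE_ARTIFACT_ID=auth-tree-node-archetype
ARCHETYPE_VERSION=5.5.0

# authNodeName becomes a Java class name: ASCII letter or underscore first,
# then letters, digits or underscores only.
valid_class_name() {
    case "$1" in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
}

# packageName becomes a Java package: dot-separated identifiers, no hyphens.
valid_package() {
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*$'
}

# SuperNode -> super-node (used to derive the artifactId).
kebab() {
    printf '%s\n' "$1" | sed 's/\([a-z0-9]\)\([A-Z]\)/\1-\2/g' | tr 'A-Z' 'a-z'
}

# Print the mvn command for one node, or return 1 with a reason on stderr.
# Arguments: groupId, base package, version, authNodeName.
node_command() {
    group=$1 base=$2 version=$3 node=$4
    valid_class_name "$node" || { echo "bad authNodeName: $node" >&2; return 1; }
    pkg="$base.$(printf '%s' "$node" | tr 'A-Z' 'a-z')"
    valid_package "$pkg" || { echo "bad packageName: $pkg" >&2; return 1; }
    printf 'mvn archetype:generate -DinteractiveMode=false'
    printf ' -DgroupId=%s -DartifactId=%s -Dversion=%s' \
        "$group" "$(kebab "$node")" "$version"
    printf ' -DpackageName=%s -DauthNodeName=%s' "$pkg" "$node"
    printf ' -DarchetypeArtifactId=%s -DarchetypeVersion=%s\n' \
        "$ARCHETYPE_ARTIFACT_ID" "$ARCHETYPE_VERSION"
}

# Print one command per node name; stop at the first invalid name.
batch_commands() {
    group=$1 base=$2 version=$3; shift 3
    for node in "$@"; do
        node_command "$group" "$base" "$version" "$node" || return 1
    done
}
```

For example, `batch_commands com.example com.example.auth 1.0.0-SNAPSHOT UsernameCollector RiskDecision` prints two commands that can be reviewed and then piped to `sh`.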

What does this create for me?

Assuming we run a command something like this;

mvn archetype:generate \
-DgroupId=com.boho-software \
-DartifactId=super-auth-tree-node \
-Dversion=1.0.0-SNAPSHOT \
-Dpackage=com.boho-software.supernode \
-DauthNodeName=SuperNode \
-DarchetypeArtifactId=auth-tree-node-archetype \
-DarchetypeVersion=5.5.0

We will get a project with the following structure;

  + example.png

  + legal
    + CDDL-1.0.txt
  + pom.xml

  + src
    + main
      + java
      | + com
      |   + boho-software
      |     + supernode
      |       +
      |       +

      + resources
        + META-INF
          + services
            + org.forgerock.openam.plugins.AmPlugin
        + com

          + boho-software
            + supernode

Which I'm sure you'll agree, saves a lot of project set up time!

Once it's built...

put it in the Backstage Marketplace! There, you can build a community around your auth tree node, share it with others, find help maintaining it and if it becomes popular it could be accepted into the AM project as a fully supported node.

