Next, configure a Failure Step. This step uses the execution result of the scriptable step above to decide whether to stop the authentication flow. It checks whether the value of the script output key ip_in_range matches the regex pattern ^yes$. If it does, the IP address of the user's device matches the CIDR provided in the user's context data, so the failure step is skipped and the authentication flow continues normally.
Proceed as follows:
- Go to: Loginapp >> Application and Authentication >> Default Application >> Authentication Flow
- In property Steps, create and edit a Failure Step plugin, as follows:
  - In section Basic Settings and in property Error Code, enter an error code that specifies the reason for aborting the authentication flow, e.g., FLOW_ABORTED_INTENTIONALLY. The error code will be included in the response.
  - In section Basic Settings and in property Authentication Method Identifier, enter the identifier of the authentication method, e.g., PASSWORD. The failed attempts counter of this authentication method will be increased when the flow is terminated.
  - In section Tags/Guards and in property Skip Condition, create and edit a String Regex Condition plugin:
    - In property Value Provider of the String Regex Condition plugin, create and edit a String From Map Value Provider plugin:
      - In property Value Maps, add a Script Execution Result Value Map Provider plugin.
      - In property Key, enter ip_in_range.
    - Return to the String Regex Condition plugin. In property Regex Pattern, enter ^yes$. This is the regex pattern to match with the script output value.
- You have now configured a failure step that will be skipped if the script output confirms "ip_in_range = yes". In every other case, the failure step will terminate the authentication flow and the PASSWORD failure counter will be increased.
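
The skip decision configured above, modelled in Python as an added example (this is not the product's plugin code and not part of the original page). The functions `script_output`, `failure_step` and `evaluate` are hypothetical stand-ins, the sample values are constructed, and the model assumes a case-sensitive match on the whole value.

```python
import ipaddress
import re
from collections import Counter

SKIP_PATTERN = re.compile(r"^yes$")   # Regex Pattern of the String Regex Condition
OUTPUT_KEY = "ip_in_range"            # Key of the String From Map Value Provider


def script_output(client_ip, allowed_cidr):
    """Hypothetical stand-in for the scriptable step's result map."""
    try:
        addr = ipaddress.ip_address(client_ip)
        net = ipaddress.ip_network(allowed_cidr, strict=False)
        in_range = addr in net
    except (ValueError, TypeError):
        in_range = False              # unparsable IP or CIDR counts as out of range
    return {OUTPUT_KEY: "yes" if in_range else "no"}


def failure_step(output, counters, error_code="FLOW_ABORTED_INTENTIONALLY",
                 method_id="PASSWORD"):
    """Model of the Failure Step: skipped only when the value matches ^yes$."""
    value = output.get(OUTPUT_KEY)
    if isinstance(value, str) and SKIP_PATTERN.fullmatch(value):
        return None                   # step skipped, flow continues
    counters[method_id] += 1          # failed attempts counter is increased
    return error_code                 # flow terminated, code goes into the response


def evaluate(samples):
    """Run each constructed sample through the step; return (results, counters)."""
    counters = Counter()
    results = [failure_step(out, counters) for out in samples]
    return results, counters


# Constructed sample outputs (not real product logs).
SAMPLES = [
    script_output("10.1.2.3", "10.1.0.0/16"),     # in range
    script_output("192.0.2.10", "10.1.0.0/16"),   # out of range
    script_output("10.1.2.3", "not-a-cidr"),      # broken context data
    {},                                           # script produced no key
    {OUTPUT_KEY: "Yes"},                          # wrong case
    {OUTPUT_KEY: "yes "},                         # trailing space
]

if __name__ == "__main__":
    results, counters = evaluate(SAMPLES)
    for sample, result in zip(SAMPLES, results):
        print(sample, "->", result or "skipped, flow continues")
    print("PASSWORD failure counter:", counters["PASSWORD"])
```

Only the first sample skips the failure step; every other value, including a missing key, ends the flow and counts against PASSWORD, which is the fail-closed behaviour the skip condition is meant to give.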