Advanced Identity Cloud

CAPTCHA node

The CAPTCHA node adds CAPTCHA support by verifying the response token received from the CAPTCHA provider and creating a callback for the UI to interact with.

By default, the node is configured for Google’s reCAPTCHA v2.

Compatibility

Product Compatible?

Advanced Identity Cloud

Yes

PingAM (self-managed)

Yes

Ping Identity Platform (self-managed)

Yes

This node only supports reCAPTCHA v2 and v3, and hCaptcha.

For Google reCAPTCHA Enterprise support, use the reCAPTCHA Enterprise node.

Inputs

None. This node doesn’t read shared state data.

Dependencies

You need to sign up for access to the reCAPTCHA API to get the API key pair required for configuring the node.

Configuration

Property Usage

CAPTCHA Site Key (required)

The CAPTCHA site key supplied by the CAPTCHA provider when you sign up for access to the API.

CAPTCHA Secret Key

The CAPTCHA secret key supplied by the CAPTCHA provider when you sign up for access to the API.

This property is deprecated and will be removed in a future release. Use the CAPTCHA Secret Label Identifier instead.

If you set a CAPTCHA Secret Label Identifier and PingOne Advanced Identity Cloud finds a matching secret in a secret store, the CAPTCHA Secret Key is ignored.

CAPTCHA Secret Label Identifier

An identifier used to create a secret label for mapping to a secret in a secret store.

PingOne Advanced Identity Cloud uses this identifier to create a specific secret label for this node. The secret label takes the form am.authentication.nodes.captcha.identifier.secret where identifier is the value of CAPTCHA Secret Label Identifier.

The identifier can only contain alphanumeric characters a-z, A-Z, 0-9, and periods (.). It can’t start or end with a period.

If you set a CAPTCHA Secret Label Identifier and PingOne Advanced Identity Cloud finds a matching secret in a secret store, the CAPTCHA Secret Key is ignored.

CAPTCHA Verification URL

The URL used to verify the CAPTCHA submission.

Use https://www.google.com/recaptcha/api/siteverify.

CAPTCHA API URL (required)

The URL of the JavaScript that loads the CAPTCHA widget.

Use https://www.google.com/recaptcha/api.js.

Class of CAPTCHA HTML Element

The class of the HTML element required by the CAPTCHA widget.

Use g-recaptcha.

ReCaptcha V3 node

If you’re using Google reCAPTCHA, specify whether it’s v2 or v3. Turn on for v3.

Score Threshold

If you’re using Google reCAPTCHA v3, enter a score threshold.

The CAPTCHA provider returns a score for each user request, based on observed interaction with your site. CAPTCHA "learns" by observing real site traffic, so scores in a staging environment or in a production deployment that has just been implemented might not be very accurate.

A score of 1.0 is likely a good user interaction, while 0.0 is likely to be a bot.

The threshold you set here determines whether to allow or deny access, based on the score returned by the CAPTCHA provider.

Start with a threshold of 0.5.

Learn more about score thresholds in the Google documentation.

Disable submission until verified

If selected, form submission is disabled until CAPTCHA verification succeeds.

Default: Enabled

Outputs

None.

Outcomes

True

The CAPTCHA response was successfully verified.

False

The CAPTCHA response wasn’t verified or failed verification.

Errors

This node can throw exceptions with the following messages:

  • CAPTCHA response required for verification

  • Unable to verify CAPTCHA response

  • Unable to retrieve state from token response

  • No secret key found

Example

The following journey uses a Page node and a Data Store Decision node to collect and verify the credentials and a CAPTCHA response:

The CAPTCHA node in context

This example uses the following nodes: