Conducting preliminary tests of the PingID offline configuration ensures the selected offline flow works in case of a PingID service failure.

To test PingID offline configuration:

  1. Change the PingID properties file to break the connection to the PingID server by opening the PingID Adapter configuration and changing the values in the PingID properties file.

    Make sure to keep a copy of the original file.

    Note:

    You can alternately test the flow by setting the Enforce Offline MFA option without making changes to the properties file.

    1. Change the idp_url and authenticator_url.

      The original arguments are:

      • idp_url=https://idpxnyl3m.pingidentity.com/pingid
      • authenticator_url=https://authenticator.pingone.com/pingid/ppm

      The following are examples of changes you can make to the arguments to test the offline configuration:

      • Error 503:
        • idp_url=https://httpstat.us/503?
        • authenticator_url=https://httpstat.us/503?
      • Sleep=10000:
        • idp_url=https://httpstat.us/200?sleep=10000&
        • authenticator_url=https://httpstat.us/200?sleep=10000&
      • Replacing the PingID valid heartbeat page with a page that returns error 503 (service unavailable) simulates an outage.
      • To test timeout configuration in PingFederate using sleep=10000 simulates 10 seconds of latency on the demo webpage. If the timeout is less than 10 seconds, offline authentication is triggered.
  2. Start an online authentication.
    Note:

    If the RADIUS is enabled, block all HTTP traffic to idpxnyl3m.pingidentity.com and authenticator.pingone.com on destination port 443 using your firewall or proxy server.

    The selected MFA offline flow is triggered.