Conducting preliminary tests of the PingID offline configuration ensures the selected offline flow works in case of a PingID service failure.
To test PingID offline configuration:
Change the PingID
properties file to break the connection to the PingID server by opening the
Adapter configuration and changing the values in the PingID properties file.
Make sure to keep a copy of the original file.Note:
You can alternately test the flow by setting the Enforce Offline MFA option without making changes to the properties file.
Change the idp_url and
The original arguments are:
The following are examples of changes you can make to the arguments to test the offline configuration:
- Replacing the PingID valid heartbeat page with a page that
error 503(service unavailable) simulates an outage.
- To test timeout configuration in PingFederate using
sleep=10000simulates 10 seconds of latency on the demo webpage. If the timeout is less than 10 seconds, offline authentication is triggered.
- Change the idp_url and authenticator_url.
Start an online authentication.
If the RADIUS is enabled, block all HTTP traffic to idpxnyl3m.pingidentity.com and authenticator.pingone.com on destination port 443 using your firewall or proxy server.
The selected MFA offline flow is triggered.