Conducting preliminary tests of the PingID offline configuration ensures the selected offline flow works in case of a PingID service failure.
To test PingID offline configuration:
- Change the PingID properties file to break the connection to the PingID server by opening the PingID Adapter configuration and changing the values in the PingID properties file. Make sure to keep a copy of the original file.
Note: You can alternatively test the flow by setting the Enforce Offline MFA option without making changes to the properties file.
- Change the idp_url and authenticator_url.
The original arguments are:
- idp_url=https://idpxnyl3m.pingidentity.com/pingid
- authenticator_url=https://authenticator.pingone.com/pingid/ppm
The following are examples of changes you can make to the arguments to test the offline configuration:
Error 503:
- idp_url=https://httpstat.us/503?
- authenticator_url=https://httpstat.us/503?
Sleep=10000:
- idp_url=https://httpstat.us/200?sleep=10000&
- authenticator_url=https://httpstat.us/200?sleep=10000&
- Replacing the PingID valid heartbeat page with a page that returns error 503 (service unavailable) simulates an outage.
- To test the timeout configuration in PingFederate, use sleep=10000, which simulates 10 seconds of latency on the demo webpage. If the timeout is less than 10 seconds, offline authentication is triggered.
- Start an online authentication.
Note: If the RADIUS password credential validator (PCV) is enabled, block all HTTP traffic to idpxnyl3m.pingidentity.com and authenticator.pingone.com on destination port 443 using your firewall or proxy server.
The selected MFA offline flow is triggered.
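The properties-file edit from the steps above can be scripted so that the original file is never modified. This is an added example, not code from Ping Identity; the function names, the `.offline-test-<mode>` file suffix and the sample file content are assumptions made for illustration.

```python
from pathlib import Path

# Test endpoints taken from the procedure above.
TEST_URLS = {
    "503": "https://httpstat.us/503?",
    "sleep": "https://httpstat.us/200?sleep=10000&",
}
KEYS = ("idp_url", "authenticator_url")


def rewrite_properties(text: str, mode: str) -> str:
    """Point idp_url and authenticator_url at a test endpoint; keep all other lines."""
    if mode not in TEST_URLS:
        raise ValueError(f"mode must be one of {sorted(TEST_URLS)}")
    seen, out = set(), []
    for line in text.splitlines(keepends=True):
        key, sep, _ = line.partition("=")
        if sep and key.strip() in KEYS:
            eol = line[len(line.rstrip("\r\n")):]  # preserve the original line ending
            out.append(f"{key.strip()}={TEST_URLS[mode]}{eol}")
            seen.add(key.strip())
        else:
            out.append(line)
    missing = sorted(set(KEYS) - seen)
    if missing:  # a half-rewritten file would still reach one live endpoint
        raise ValueError(f"properties file lacks: {missing}")
    return "".join(out)


def write_test_copy(original: Path, mode: str) -> Path:
    """Write the rewritten file beside the original (hypothetical naming scheme)."""
    target = original.with_name(f"{original.name}.offline-test-{mode}")
    target.write_text(rewrite_properties(original.read_text(), mode))
    return target


# Constructed sample; a real properties file has further keys, which are kept as-is.
SAMPLE = (
    "# constructed sample\n"
    "idp_url=https://idpxnyl3m.pingidentity.com/pingid\n"
    "authenticator_url=https://authenticator.pingone.com/pingid/ppm\n"
    "example_other_key=unchanged\n"
)

if __name__ == "__main__":
    print(rewrite_properties(SAMPLE, "503"))
```

Use the generated copy for the test and put the original back once the offline flow has been confirmed. The copy holds every other setting of the original, so store it with the same care.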