remove MFA DUO Monitoring from CAS 6.0.5 heath check actuator url

34 views
Skip to first unread message

n99

unread,
Oct 28, 2019, 12:55:00 PM10/28/19
to CAS Community
Hello

We have enabled MFA using Duo at the global level and have also implemented a global OPEN failure policy. 

This works as expected when we contrive a test with Duo being unavailable.

However we have also noticed, during our test, that calling the Actuator Health Check url also causes CAS to be marked as DOWN when Duo is DOWN.

Given we use the health check url on our Load Balancer to check nodes are up, this is not ideal, as all nodes are marked as DOWN, and we can't fall back to the MFA global OPEN failure policy.

There are docs about enabling/disabling monitoring in the health check but none on MFA/Duo.

Can we exclude Duo monitoring from the actuator health check?

Thanks

Misagh Moayyed

unread,
Oct 29, 2019, 6:22:03 AM10/29/19
to CAS Community
I realize you're on 6.0.5 but, this *might* work for you:

Otherwise, switch to 6.1.0 or port back.
Reply all
Reply to author
Forward
0 new messages