02-25-2020 12:55 PM
Hi All,
I have successfully tested Authentication policy using LDAP, MFA (Okta API), SAML and RADIUS (Okta). I am working on the redundancy scenarios wherein if Okta fails, the fallback would be LDAP. I am using RADIUS (Okta) and LDAP in the Authentication Sequence. I am, however, unable to get the LDAP (Active Directory) fallback working. I am simulating RADIUS (Okta) failure by configuring the service route to use the firewall traffic interface and then a security policy to block the RADIUS traffic. I can see that the firewall is successfully blocking RADIUS traffic. However, I want it to proceed to LDAP auth and authenticate considering RADIUS unavailability. I am using default-web-form in the auth policy and CP is set to use the authentication sequence. The authentication logs only show Authentication Failure with the RADIUS server events. What am I missing? Will this config ever work?