How to block/disable the /?failover option with SSO

tzeilstra
New Contributor III

As has been discussed in many feature requests, by having the /?failover page be available to sign into the Jamf admin page when SSO is enabled, Jamf has essentially defeated the main point of using SSO - enforcement of MFA. Being able to access the admin page externally with nothing but a username and password just isn't secure.

We do have a locally hosted Jamf server so we do have access to all the Tomcat config files. What I'm looking for is any way to block/disable/break that "back door" of using the /?failover. Obviously firewalls and the like will be one area of investigation but I'm also looking for any ideas pertaining to the server itself. Is there anything in the Tomcat server that could be adjusted/deleted/broken that would prevent that /?failover page from being used?

2 REPLIES

rnunez1
New Contributor

I have the same question/issue. Would like some feedback from the community.

daniel_ross
Contributor III

@rnunez1 and @tzeilstra, I came across this while searching for something and wanted to share this link that might help you out. Always test in your Jamf Pro Sandbox first, but it's worth a look for sure.

https://derflounder.wordpress.com/2021/05/21/blocking-account-logins-to-the-failover-login-page-on-j...
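Whatever block ends up in place (firewall or server-side), the Tomcat access log can confirm whether /?failover is still being reached from outside the admin network. The script below is an added example, not code from this thread or from Jamf; it assumes Tomcat's "common" access-log pattern, and the `ADMIN_NETS` range and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumption: networks where break-glass use of /?failover is expected.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]

def is_failover(target):
    """True when the request target carries a 'failover' query parameter."""
    query = urlsplit(target).query
    # keep_blank_values: '/?failover' has a key with no value.
    return "failover" in parse_qs(query, keep_blank_values=True)

def from_admin_net(src, admin_nets):
    """True only when src is an IP address inside one of admin_nets."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False  # %h logged a hostname: treat as unverified source
    return any(ip in net for net in admin_nets)

def audit(lines, admin_nets=ADMIN_NETS):
    """Return (timestamp, source, method, status) for each failover
    request that did not originate from an admin network."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_failover(m["target"]):
            continue
        if not from_admin_net(m["src"], admin_nets):
            findings.append((m["ts"], m["src"], m["method"], int(m["status"])))
    return findings

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE = [
    '10.20.0.15 - - [21/May/2021:09:01:12 +0000] "GET /?failover HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/May/2021:09:14:40 +0000] "GET /?failover HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/May/2021:09:14:52 +0000] "POST /?failover HTTP/1.1" 302 -',
    '198.51.100.23 - - [21/May/2021:09:20:03 +0000] "GET /index.html HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("failover request from outside admin network:", finding)
```

If Tomcat sits behind a proxy or load balancer, `%h` records the proxy address, so the log pattern has to capture the forwarded client address for this check to mean anything.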