Health Checks for Identity Server

Administration Console uses the heartbeat URL to display the health status of Identity Servers. The Identity Server heartbeat URL is the DNS name of Identity Server followed by this path:

/nidp/app/heartbeat

L4 switches require you to use the IP address rather than the DNS name. If the IP address of Identity Server is 10.10.16.50 and you have configured Identity Server for HTTPS, the heartbeat has the following URL:

https://10.10.16.50:8443/nidp/app/heartbeat

You need to configure the L4 switch to use this heartbeat URL for its health check. If you have configured SSL on Identity Servers and your L4 switch can perform an SSL L7 health check, you can use HTTPS. A healthy Identity Server answers the SSL L7 health check with HTTP status code 200; any other status code (or no response at all) indicates an unhealthy state.

For a Foundry switch, the L7 health check script string must look similar to the following when the hostname is nidp1 and the IP address is 10.10.16.50:

healthck nidp1ssl tcp
  dest-ip 10.10.16.50
  port ssl
  protocol ssl
  protocol ssl url "GET /nidp/app/heartbeat HTTP/1.1\r\nHost: st160.lab.tst"
  protocol ssl status-code 200

If your switch does not support an SSL L7 health check, the HTTPS URL returns an error, usually a 404 error. Because the Identity Server heartbeat URL listens on both HTTPS and HTTP, you can use an HTTP URL for switches that do not support the SSL L7 health check. For example:

http://10.10.16.50:8080/nidp/app/heartbeat

A Radware Alteon switch does not support the L7 health check, so the string for the health check must look similar to the following:

open 8080,tcp
send GET /nidp/app/heartbeat HTTP/1.1\r\nHOST:heartbeat.lab.tst \r\n\r\n
expect HTTP/1.1 200
close
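As an added example (not part of this documentation or the Access Manager product), the following Python probe sends the same request that the Foundry and Alteon scripts above send, connects by IP address as an L4 switch does, and applies the same rule: only a 200 status line counts as healthy. The host name heartbeat.lab.tst and the sample replies are constructed for illustration.

```python
import socket
import ssl
from typing import Optional

HEARTBEAT_PATH = "/nidp/app/heartbeat"

# Constructed sample replies, standing in for what the heartbeat URL would return.
SAMPLE_HEALTHY = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 0\r\n\r\n"
SAMPLE_UNHEALTHY = b"HTTP/1.1 503 Service Unavailable\r\nContent-Length: 0\r\n\r\n"


def build_request(host_header: str, path: str = HEARTBEAT_PATH) -> bytes:
    """Raw request in the form the switch scripts send (HTTP/1.1 requires a Host header)."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host_header}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")


def status_code(raw_response: bytes) -> Optional[int]:
    """Extract the status code from the status line; None if the reply is not HTTP."""
    status_line = raw_response.split(b"\r\n", 1)[0]
    parts = status_line.split()
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        return None
    return int(parts[1]) if parts[1].isdigit() else None


def is_healthy(raw_response: bytes) -> bool:
    """Mirror the switch rule: 200 is healthy, anything else (including no reply) is not."""
    return status_code(raw_response) == 200


def probe(ip: str, port: int, host_header: str, use_tls: bool, timeout: float = 5.0) -> bool:
    """Connect by IP (as an L4 switch does), send the heartbeat request, judge the status line."""
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
        if use_tls:
            # A certificate the probe cannot verify makes the handshake fail; that is
            # reported as unhealthy here rather than being silently accepted.
            sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host_header)
        with sock:
            sock.sendall(build_request(host_header))
            reply = b""
            while len(reply) < 65536:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                reply += chunk
        return is_healthy(reply)
    except (OSError, ValueError):
        return False
```

Call probe("10.10.16.50", 8080, "heartbeat.lab.tst", use_tls=False) for the plain HTTP form the Alteon script uses, or port 8443 with use_tls=True for the SSL L7 form.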