We are currently using Magento EE 1.14.2.0 with the Sentry code from the devel branch. This includes the newer feature for whitelisting IP addresses to bypass 2FA. We also use New Relic to monitor the application.
Within the past hour, the Magento CP became very unresponsive with pages taking over 200s to load. New Relic monitoring showed that the Duo API is holding the pages up:
We are all using whitelisted IP addresses, so I don't understand why Duo is loading at all for our sessions. In order to allow our team to continue working, I had to put in the tfaoff.flag file on the server until the API is resolved. Is it possible to have the Sentry module truly bypass Duo (or Google) if the accessing IP is on the whitelist?
Here's a partial trace for where Magento hung up during the authentication:
We are currently using Magento EE 1.14.2.0 with the Sentry code from the devel branch. This includes the newer feature for whitelisting IP addresses to bypass 2FA. We also use New Relic to monitor the application.
Within the past hour, the Magento CP became very unresponsive with pages taking over 200s to load. New Relic monitoring showed that the Duo API is holding the pages up:
We are all using whitelisted IP addresses, so I don't understand why Duo is loading at all for our sessions. In order to allow our team to continue working, I had to put in the tfaoff.flag file on the server until the API is resolved. Is it possible to have the Sentry module truly bypass Duo (or Google) if the accessing IP is on the whitelist?
Here's a partial trace for where Magento hung up during the authentication: