Followers /info API endpoint shows no authenticators enabled (except default), cluster shows custom authenticators

Hello, We have deployed Conjur V 12.7 and we have enabled multiple authenticators (jwt,k8s,iam etc) on our leader cluster and the cluster /info api endpoint shows the authenticators in enabled state. However when we query the follower /info api endpoint, it does not show any of the authenticators in enabled state. Replication is working as expected. Is there a reason why follower /info does not have the authenticators enabled ?

When we do an integration , Jenkins for example the Conjur Appliance URL can be a follower one correct ? If the authenticators are not enabled on the follower side, should we use the cluster url in the ‘Conjur Appliance URL’ section?

Thanks in Advance.

Hi Senkothan,

I hope you have found the answer by yourself by now. And if not
try →

  1. Copy the yml file from leader to follower servers.
  2. Place it in the Conjur config directory and do
  3. evoke configuration apply
  4. Now Run a /info query using follower URL
1 Like

Senkothan,

If the Conjur Followers are deployed via Kubernetes/Openshift - you may want to consider mapping the conjur.yml file. Alternatively, we could try a similar approach if you are using a Conjur Follower as a VM and experiencing an error.

In example, lets say you have the following authenticators configured: “authn-k8s/dev-cluster-senko”, and “authn-jwt/gitlab-senko”

Try something like this on the Follower VM:

podman exec evoke variable set CONJUR_AUTHENTICATORS authn,authn-k8s/dev-cluster-senko,authn-jwt/gitlab-senko

Reference: Support Community

Hope this helps!