
<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    We don't have anything like that.  Keycloak assumes that username is

    unique in a federation.  Before validating credentials it goes

    through federation list.  The first provider that finds a user of

    that username will have credentials validated against it.<br>

    <br>

    So, no failover.  I'm not sure i that's something Keycloak should be

    responsible for.  I'm open to adding it though.<br>

    <br>

    <div class="moz-cite-prefix">On 5/3/2016 12:19 PM, Josh Cain wrote:<br>

    </div>

    <blockquote

cite="mid:CA+z0A8AHi88VJo_CjU10yzCr89k-mwZT665U4SQAgtj7kq7VVA@mail.gmail.com"

      type="cite">

      <div dir="ltr">

        <div>

          <div>Hi all,<br>

            <br>

          </div>

          We're attempting to stack a number of FederationProviders, and

          I was wondering if Keycloak currently does, or plans to

          support falling back to a secondary provider *after* another

          provider has already been used.<br>

          <br>

        </div>

        For example, consider a realm with two providers configured:<br>

        <ol>

          <li>ProviderA, Priority 0</li>

          <li>ProviderB, Priority1</li>

        </ol>

        <p>Where ProviderB is a fall-back mechanism containing the same

          logical userbase as ProviderA.<br>

        </p>

        <div>

          <div>

            <div>

              <div>If <i>user1</i> logs into Keycloak and is associated

                with ProviderA, then ProviderA goes down, we'd ideally

                like for ProviderB to be able to authenticate the user. 

                Right now, all our Keycloak instance does is attempt to

                authenticate <i>user1</i> with ProviderA, then fails if

                the provider is unsuccessful.  Is there a way to

                failover to ProviderB should ProviderA become

                unavailable?<br>

              </div>

              <div><br clear="all">

                <div>

                  <div class="gmail_signature">

                    <div dir="ltr"><span>

                        <div>

                          <div>Josh Cain | Software Applications

                            Engineer<br>

                          </div>

                          <i>Identity and Access Management</i><br>

                        </div>

                        <b>Red Hat</b><br>

                        +1 843-737-1735<br>

                      </span></div>

                  </div>

                </div>

              </div>

            </div>

          </div>

        </div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

keycloak-user mailing list

<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>

<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>

    </blockquote>

    <br>

    <pre class="moz-signature" cols="72">-- 

Bill Burke

JBoss, a division of Red Hat

<a class="moz-txt-link-freetext" href="http://bill.burkecentral.com">http://bill.burkecentral.com</a></pre>

  </body>

</html>