Hi all,

We're attempting to stack a number of FederationProviders, and I was wondering if Keycloak currently does, or plans to support falling back to a secondary provider *after* another provider has already been used.

For example, consider a realm with two providers configured:
  1. ProviderA, Priority 0
  2. ProviderB, Priority1

Where ProviderB is a fall-back mechanism containing the same logical userbase as ProviderA.

If user1 logs into Keycloak and is associated with ProviderA, then ProviderA goes down, we'd ideally like for ProviderB to be able to authenticate the user.  Right now, all our Keycloak instance does is attempt to authenticate user1 with ProviderA, then fails if the provider is unsuccessful.  Is there a way to failover to ProviderB should ProviderA become unavailable?

Josh Cain | Software Applications Engineer
Identity and Access Management
Red Hat
+1 843-737-1735