Continuity Connector

The Continuity Connector presents a graceful way to manage unplanned IDP outages without downtime. The connector can be used to detect outages with a given IDP and seamlessly failover to a backup IDP. When the primary IDP is determined to be healthy, a failback event will occur.

Configuration options

Name

name is the unique name of the connector.

Strategy

strategy is the continuity technique that will be used. Currently, failover is the only available strategy.

Failover

failover defines the properties required to use a failover continuity strategy.

IDPs

idps are the ordered list IDPs that will be used for authentication. The first available IDP will be selected.

Attributes mapping

attributes are the list of attributes that will be mapped from the selected IDPs to the continuity connector. The attribute mapping is important so that the continuity connector can be referenced in dependent application definitions.

Name

name is the name of the attribute that will be mapped.

Mapping

mapping defines the mapping for the corresponding IDPs. There should generally be a mapping value defined for each IDP.

Default

default is the default value that will be mapped if an attribute does not exist.

Using the connector

Logout

Please note that an error will be returned if the originally selected IDP is not available at the time of logout. This is done to avoid the dangerous scenario of a user thinking they successfully logged out when they are still logged in to a given third-party IDP.

Examples

connectors:
  - name: continuity
    type: continuity
    strategy: failover
    failover:
      idps:
        - azure
        - okta
    attributes:
      - name: firstName
        mapping:
          azure: given_name
          okta: firstName
      - name: lastName
        mapping:
          azure: family_name
          okta: lastName
        default: "No last name found"