I'm having a look at the authentication module OAuth/OpenID Connect (role-based), having Azure AD as identity provider.
It works so far for the WebDesigner Portal.
I'm just wondering if there is any fallback option. When I configure OAuth as primary authenticator it seems that the secondary authenticator isn't applicable at all.
Isn't it possible to configure an alternative authentication (i.e. on prem AD, or Person) in case of an outage of AAD?
We are running 8.2.1 at the moment.
You should be able to set the secondary authentication module to whatever you want.
I've tried that. It normally works, but in case of OAuth as primary, it seems that it isn't.
If the OAuth authentication hits an error then it won't fall back to the secondary authentication. Is this what you mean?
As an example: as soon as I log out, I'm on the login screen of microsoftonline.com. The Identity Manager login page isn't available in this case.
If I change the configuration in a way that OAuth fails, I get errors from microsoftonline.com and not from the IM.
I am not sure what version you are using, but I know that there is an issue if you set the logout URI for the identity provider in Designer: it doesn't work. See this KB that I wrote on this issue. I do know that this does work for the HTML5 web portal. Once the user logs out, you will be redirected back to the Identity Manager login page.
support.oneidentity.com/.../the-post-logout-redirect-uri-setting-does-not-work
Thanks for the hint with the KB and the corresponding hotfix, I've got in the meantime.
Do I have to configure a specific logout page on Azure and/or in the Identity Manager to get it working?
If I log out now, I still end up on the microsoftonline.com page. But I haven't configured any logout page.
Yes, you need to configure the logout URI in Designer for the identity provider you have created. It is on the applications tab for the identity provider.