The attached patch modifies JOSSO to provide failover support during login. This is done by having an array of CredentialStore objects that are processed sequentially until one is successful or they all fail.
Failover CredentialStores are done by putting additional <credential-store> blocks after the primary one.
In addition, a new IdentityStore module, called FailoverStore, has been added. This module calls the CredentialStore that authenticated the user in order to get the identity information. This means that the CredentialStore must also implement IdentityStore -- this is not a problem as all of the included modules do that already.
This has involved changes to a number of modules, including:
* The ComponentKeeper classes, so the configuration file changes can be read properly.
* Many changes to the IdentityStore, CredentialStore, and Session classes, to support passing the store that the user was found on.
* Changes to the authentication schemes to iterate through each credential store before marking it as a failure.
Patch file containing changes